ush.it - a beautiful place

Vtiger CRM 5.2.0 Multiple Vulnerabilities

November 16, 2010 at 10:46 pm - Filed under Hacks - 1279 words, reading time ~4 minutes

Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi found multiple vulnerabilities in Vtiger CRM 5.2.0, software we already audited in the past. The high-impact findings (for a web application) include a Remote Command Execution issue, made possible by a bypass of the file upload extension blacklist, and a Local File Inclusion that can be exploited by unauthenticated users. Two separate Cross Site Scripting issues have also been found, the first on the login.
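The two high-impact findings above share a root cause: a request-controlled string (an uploaded filename, an include parameter) is filtered by a default-permit check instead of being constrained to a fixed set of acceptable values. The following Python is an added example written for this page, not code from the advisory or from Vtiger; the extension lists and the module table are constructed assumptions. It contrasts a blacklist-style extension check with an allowlist, stores uploads under a server-chosen name so the client filename never reaches the filesystem, and maps an include parameter through a fixed table with a realpath containment check as a second line of defence.

```python
import os
import secrets
from typing import Optional

# Constructed allowlist for a hypothetical attachment endpoint (assumption, not Vtiger's list).
ALLOWED_EXTENSIONS = frozenset({"pdf", "png", "jpg", "jpeg", "gif", "txt", "csv"})
# Constructed blacklist in the default-permit style the advisory describes as bypassable.
BLOCKED_EXTENSIONS = frozenset({"php", "pl", "cgi"})


def extension_of(filename: str) -> str:
    """Lower-cased text after the last dot of the basename, or '' if there is none."""
    base = os.path.basename(filename)
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


def blacklist_allows(filename: str) -> bool:
    """Default-permit check: anything not explicitly blocked is accepted."""
    return extension_of(filename) not in BLOCKED_EXTENSIONS


def allowlist_allows(filename: str) -> bool:
    """Default-deny check: only listed extensions are accepted."""
    return extension_of(filename) in ALLOWED_EXTENSIONS


def safe_storage_name(filename: str, token: Optional[str] = None) -> Optional[str]:
    """Return a server-chosen name for an accepted upload, or None to reject it.

    Only the extension of the client-supplied name is used, and only after it
    passed the allowlist; the rest of the name is replaced by a random token
    (the 'token' parameter exists so the result can be checked deterministically).
    """
    if not allowlist_allows(filename):
        return None
    token = token or secrets.token_hex(16)
    return f"{token}.{extension_of(filename)}"


# --- include-parameter handling (the Local File Inclusion side) --------------

# Constructed module map (assumption): its keys are the only values the
# request parameter may take, so the parameter is never used as a path.
MODULES = {
    "Leads": "modules/Leads/Leads.php",
    "Contacts": "modules/Contacts/Contacts.php",
}


def resolve_module(param: str, base_dir: str) -> Optional[str]:
    """Map a request parameter to an include path through the fixed MODULES table.

    The parameter is a dictionary key only, so dots, slashes or NUL bytes in
    it cannot influence which file is opened. The realpath containment check
    guards against a table entry that escapes base_dir.
    """
    rel = MODULES.get(param)
    if rel is None:
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, rel))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


if __name__ == "__main__":
    # A name with an unknown extension passes the blacklist but fails the allowlist.
    print("blacklist:", blacklist_allows("notes.xyz"), "allowlist:", allowlist_allows("notes.xyz"))
    print("stored as:", safe_storage_name("report.PDF"))
    print("include:", resolve_module("Leads", "/srv/app"))
    print("rejected:", resolve_module("../config", "/srv/app"))
```

The point of `safe_storage_name` is that a correct allowlist is necessary but not sufficient: even an accepted extension is re-attached to a name the server generated, so directory components and case tricks in the original filename are irrelevant. Likewise `resolve_module` never builds a path from the parameter; the containment check only matters if the table itself is wrong.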
