CVE-2009-3250
CVE-2009-3250
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/9450unverifiedexploitdbwww.exploit-db.com/exploits/9450unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://marc.info/?l=bugtraq&m=125060676515670&w=2http://secunia.com/advisories/36309http://www.exploit-db.com/exploits/9450http://www.osvdb.org/57237http://www.securityfocus.com/bid/36062http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txthttp://www.vupen.com/english/advisories/2009/2319