CVE-2005-3823

Опубликовано: 26 нояб. 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.

Ссылки

http://marc.info/?l=full-disclosure&m=113290708121951&w=2
http://secunia.com/advisories/17693
Vendor Advisory
http://securitytracker.com/id?1015274
http://www.securityfocus.com/archive/1/417711/30/0/threaded
http://www.securityfocus.com/bid/15569
http://www.vupen.com/english/advisories/2005/2569
http://marc.info/?l=full-disclosure&m=113290708121951&w=2
http://secunia.com/advisories/17693
Vendor Advisory
http://securitytracker.com/id?1015274
http://www.securityfocus.com/archive/1/417711/30/0/threaded
http://www.securityfocus.com/bid/15569
http://www.vupen.com/english/advisories/2005/2569

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*

Версия до 4.2 (включая)

EPSS

Процентиль: 79%

0.012

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-9r34-9mhm-m59q

github

почти 4 года назад