Описание
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load).
Ссылки
- Product
- Patch
- Exploit
- Product
- Product
- Patch
- Exploit
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:vtiger:vtiger_crm:7.5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.20756
Средний
8.1 High
CVSS3
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 8.1
github
почти 2 года назад
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load).
EPSS
Процентиль: 95%
0.20756
Средний
8.1 High
CVSS3
Дефекты
CWE-74