cbcvebase.
CVE-2005-3820
published 2005-11-26

CVE-2005-3820: Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an…

PriorityP428medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EPSS
2.74%
84.3th percentile
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.

Affected

1 ranges
VendorProductVersion rangeFixed in
vtigervtiger_crm<= 4.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.