CVE-2009-3249
Published: 2009-09-18
Priority: P3 · 49 · high · CVSS 2.0 base score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public exploit available (see Exploit-DB below)
EPSS: 9.59% (94.9th percentile)
Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products, or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vtiger | vtiger_crm | — | — |
No detection rules found.
Exploit-DB
vTiger CRM 5.0.4 - Local File Inclusion
exploitdb·2011-03-05·CVSS 7.5
CVE-2009-3249 [HIGH] vTiger CRM 5.0.4 - Local File Inclusion
---
#!/usr/bin/python
# ~INFORMATION: #
# Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit #
# Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" #
# Date: 5/3/2011 #
# CVE: CVE-2009-3249 #
# Windows link: http://bit.ly/fiOYCL #
# Linux link: http://bit.ly/hluzLf #
# Tested on: Windows XP/Linux Ubuntu #
# PHP.ini Settings: gpc_magic_quotes = Off #
# Advisory: http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt #
# Creds: Giovanni "evilaliv3" Pellerano, Antonio "s4tan" Parata and Francesco #
# "ascii" Ongaro are credited with the discovery of this vulnerability. #
# Greetz: mr_me, sud0, sinn3r & my other fellow hackers #
# Note: Loading URL files may require tampering of code ;-) #
# ~VULNERABLE CODE:
'''
Exploit-DB
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
exploitdb·2009-08-18
CVE-2009-3250 vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
---
Vtiger CRM 5.0.4 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Vtiger CRM
Systems Affected Vtiger CRM 5.0.4 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 6/10, vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Vendor http://www.vtigercrm.com
Advisory
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Date 20090818
I. BACKGROUND
Vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal
for small and medium businesses, with low-cost product support available
to prod
No writeups or analysis indexed.
References
http://marc.info/?l=bugtraq&m=125060676515670&w=2
http://secunia.com/advisories/36309
http://securityreason.com/securityalert/8118
http://www.exploit-db.com/exploits/9450
http://www.osvdb.org/57239
http://www.securityfocus.com/bid/36062
http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
http://www.vupen.com/english/advisories/2009/2319