CVE-2009-3250
published 2009-09-18

Priority: P3 56, critical, 9 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 10.93% (95.3rd percentile)

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.

Affected

1 range

Vendor | Product | Version range | Fixed in
vtiger | vtiger_crm | |