CVE-2013-3215

Related Files

vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload

Posted Jan 7, 2014

Authored by EgiX, juan vazquez | Site metasploit.com

vTiger CRM allows an user to bypass authentication when requesting SOAP services. In addition, arbitrary file upload is possible through the AddEmailAttachment SOAP service. By combining both vulnerabilities an attacker can upload and execute PHP code. This Metasploit module has been tested successfully on vTiger CRM v5.4.0 over Ubuntu 10.04 and Windows 2003 SP2.

tags | exploit, arbitrary, php, vulnerability, file upload

systems | linux, windows, ubuntu

advisories | CVE-2013-3214, CVE-2013-3215, OSVDB-95902, OSVDB-95903

SHA-256 | 096231674c8f8b909aa615a43b74ff7759a1a02e9d084e43958295c8fdccd15f

Download | Favorite | View

vtiger CRM 5.4.0 Authentication Bypass

Posted Aug 2, 2013

Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from an authentication bypass vulnerability in the validateSession() function of multiple SOAP services.

tags | advisory, bypass

advisories | CVE-2013-3215

SHA-256 | 4c13f831557ef27b5842aff9fd698a9ebf4ce0876e6b9976884ca5c5550883da

Download | Favorite | View