vtiger CRM 'graph.php' Script Authentication Bypass Vulnerability
BID:51192
Info
| Bugtraq ID: | 51192 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 28 2011 12:00AM |
| Updated: | Dec 28 2011 12:00AM |
| Credit: | Francois Harvey |
| Vulnerable: | vtiger vtiger CRM 5.2.1; vtiger vtiger CRM 5.2; vtiger vtiger CRM 5.0.4; vtiger vtiger CRM 5.0.3; vtiger vtiger CRM 4.2.4; vtiger vtiger CRM 4.2; vtiger vtiger CRM 5.0.4 RC |
| Not Vulnerable: | vtiger vtiger CRM 5.3 |
Discussion
vtiger CRM is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication process, download the database backup, and modify configuration settings.
vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for details.
References
References:
- vtiger Homepage (vtiger)
- Advisory: MEDS-2011-01 - VTigerCRM Anonymous access to Setting Module (Francois Harvey)