First published: Fri Nov 26 2010
Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Vtiger Vtiger Crm | =3 | |
Vtiger Vtiger Crm | =5.0.3 | |
Vtiger Vtiger Crm | <=5.2.0 | |
Vtiger Vtiger Crm | =5.1.0 | |
Vtiger Vtiger Crm | =2.0.1 | |
Vtiger Vtiger Crm | =2.0 | |
Vtiger Vtiger Crm | =4.2 | |
Vtiger Vtiger Crm | =5.0.4 | |
Vtiger Vtiger Crm | =2.1 | |
Vtiger Vtiger Crm | =5.1.0-rc | |
Vtiger Vtiger Crm | =4 | |
Vtiger Vtiger Crm | =4.0 | |
Vtiger Vtiger Crm | =3.0-beta | |
Vtiger Vtiger Crm | =3.0 | |
Vtiger Vtiger Crm | =4-rc1 | |
Vtiger Vtiger Crm | =5.0.0 | |
Vtiger Vtiger Crm | =5.0.2 | |
Vtiger Vtiger Crm | =3.2 | |
Vtiger Vtiger Crm | =5.0.4-rc | |
Vtiger Vtiger Crm | =1.0 | |
Vtiger Vtiger Crm | =4-beta | |
Vtiger Vtiger Crm | =4.2.4 | |
Vtiger Vtiger Crm | =4.0.1 | |