CVE-2015-6000: Malicious File Upload
First published: Thu Feb 06 2020(Updated: )
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vtiger Vtiger Crm | <=6.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2015-6000?
CVE-2015-6000 is an unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in Vtiger CRM 6.3.0 and earlier, allowing remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
How does CVE-2015-6000 affect Vtiger CRM?
CVE-2015-6000 affects Vtiger CRM 6.3.0 and earlier versions.
What is the severity of CVE-2015-6000?
CVE-2015-6000 has a severity rating of 8.8 (high).
How can remote authenticated users exploit CVE-2015-6000?
Remote authenticated users can exploit CVE-2015-6000 by uploading a file with an executable extension, which allows them to execute arbitrary code on the system.
Are there any fixes available for CVE-2015-6000?
To fix CVE-2015-6000, it is recommended to update Vtiger CRM to a version higher than 6.3.0.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/vtiger
- canonical/vtiger vtiger crm
- version/vtiger vtiger crm/6.3.0