Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution

Discussion in 'News Aggregator' started by Packet Storm, 31 Jul 2018.

  1. Packet Storm

    Packet Storm Guest

    Vtiger version 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM version 6.3.0.

    Continue reading...
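
Added example, not part of the Packet Storm post or of Vtiger's code: a server-side check that a logo upload handler could run before storing a file, covering the case described above where PHP code is submitted in place of an image. The function name, the extension allow-list and the sample inputs are assumptions constructed for illustration.

```python
import os

# Leading bytes of the image formats accepted as a logo (allow-list is an assumption).
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Byte sequences that open a PHP code block. Heuristic only: "<?=" can occur
# by chance in large binary files, so treat a hit as "review", not proof.
PHP_MARKERS = (b"<?php", b"<?=")


def check_logo_upload(filename: str, data: bytes) -> list:
    """Return the reasons to reject an uploaded logo; an empty list means accept."""
    reasons = []
    name = os.path.basename(filename.replace("\\", "/")).lower()
    # Look at every dot-separated part, not only the last one: "logo.php.png"
    # can still be handed to PHP under some web-server handler configurations.
    parts = name.split(".")[1:]
    ext = "." + parts[-1] if parts else ""
    if ext not in SIGNATURES:
        reasons.append(f"extension {ext or '(none)'} not in allow-list")
    if any(p.startswith(("php", "phtml", "phar")) for p in parts):
        reasons.append("script extension in file name")
    if ext in SIGNATURES and not data.startswith(SIGNATURES[ext]):
        reasons.append("content does not match declared image type")
    if any(marker in data.lower() for marker in PHP_MARKERS):
        reasons.append("PHP open tag found in content")
    return reasons


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample data
    samples = [
        ("logo.png", png),
        ("logo.php", b"<?php /* constructed */ ?>"),
        ("logo.php.png", png),
        ("logo.gif", b"GIF89a<?php /* constructed */ ?>"),
    ]
    for fname, blob in samples:
        print(fname, "->", check_logo_upload(fname, blob) or "accept")
```

A check like this is one layer only; storing uploads under a server-generated name in a directory where the web server does not execute scripts, and re-encoding the image before saving it, removes the execution path even if a file slips through.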
     
