cvelistv5 - CVE-2008-3458

CVE-2008-3458 (GCVE-0-2008-3458)

Vulnerability from cvelistv5

Published

2008-08-04 19:00

Modified

2024-09-16 16:18

Severity ?

CWE

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28370	Third Party Advisory
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=567189	Broken Link
cve@mitre.org	http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811	Exploit, Vendor Advisory
cve@mitre.org	http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107	Vendor Advisory
cve@mitre.org	http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/40218	Broken Link
cve@mitre.org	http://www.securityfocus.com/bid/27228	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28370	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=567189	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/40218	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27228	Patch, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:27.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27228",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27228"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
          },
          {
            "name": "40218",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/40218"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes"
          },
          {
            "name": "28370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28370"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-08-04T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27228",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27228"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
        },
        {
          "name": "40218",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/40218"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes"
        },
        {
          "name": "28370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28370"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3458",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27228",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27228"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=567189",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
            },
            {
              "name": "40218",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/40218"
            },
            {
              "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107",
              "refsource": "CONFIRM",
              "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
            },
            {
              "name": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes",
              "refsource": "CONFIRM",
              "url": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes"
            },
            {
              "name": "28370",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28370"
            },
            {
              "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811",
              "refsource": "MISC",
              "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3458",
    "datePublished": "2008-08-04T19:00:00Z",
    "dateReserved": "2008-08-04T00:00:00Z",
    "dateUpdated": "2024-09-16T16:18:19.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3458\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-08-04T19:41:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.\"},{\"lang\":\"es\",\"value\":\"Vtiger CRM versiones anteriores a 5.0.4 almacena informaci\u00f3n sensible bajo la ra\u00edz web con insuficiente control de acceso, lo cual permite a atacantes remotos leer plantillas combinadas de mail a trav\u00e9s de una petici\u00f3n directa al directorio wordtemplatedownload.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.3\",\"matchCriteriaId\":\"5BE467FF-870E-47A8-800D-C16FC260229C\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/28370\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=567189\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/40218\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/27228\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secunia.com/advisories/28370\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=567189\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/40218\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/27228\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

fkie_cve-2008-3458

Vulnerability from fkie_nvd

Published

2008-08-04 19:41

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28370	Third Party Advisory
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=567189	Broken Link
cve@mitre.org	http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811	Exploit, Vendor Advisory
cve@mitre.org	http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107	Vendor Advisory
cve@mitre.org	http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/40218	Broken Link
cve@mitre.org	http://www.securityfocus.com/bid/27228	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28370	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=567189	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/40218	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27228	Patch, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	vtiger	vtiger_crm	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE467FF-870E-47A8-800D-C16FC260229C",
              "versionEndIncluding": "5.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory."
    },
    {
      "lang": "es",
      "value": "Vtiger CRM versiones anteriores a 5.0.4 almacena informaci\u00f3n sensible bajo la ra\u00edz web con insuficiente control de acceso, lo cual permite a atacantes remotos leer plantillas combinadas de mail a trav\u00e9s de una petici\u00f3n directa al directorio wordtemplatedownload."
    }
  ],
  "id": "CVE-2008-3458",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-04T19:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28370"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/40218"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/27228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/40218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/27228"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2008-3458

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2008-3458

Aliases

CVE-2008-3458

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3458",
    "description": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.",
    "id": "GSD-2008-3458"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3458"
      ],
      "details": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.",
      "id": "GSD-2008-3458",
      "modified": "2023-12-13T01:23:06.041378Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3458",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "27228",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27228"
          },
          {
            "name": "http://sourceforge.net/project/shownotes.php?release_id=567189",
            "refsource": "CONFIRM",
            "url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
          },
          {
            "name": "40218",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/40218"
          },
          {
            "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107",
            "refsource": "CONFIRM",
            "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
          },
          {
            "name": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes",
            "refsource": "CONFIRM",
            "url": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes"
          },
          {
            "name": "28370",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28370"
          },
          {
            "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811",
            "refsource": "MISC",
            "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3458"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=567189",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
            },
            {
              "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
            },
            {
              "name": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes"
            },
            {
              "name": "27228",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/27228"
            },
            {
              "name": "40218",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/40218"
            },
            {
              "name": "28370",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/28370"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-11-22T17:25Z",
      "publishedDate": "2008-08-04T19:41Z"
    }
  }
}

Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. vtiger CRM is prone to an information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to retrieve arbitrary files that may contain potentially sensitive information. Information harvested may be used in further attacks. This issue affects versions prior to vtiger CRM 5.0.4 RC. Vtiger CRM is an open source web-based customer relationship management system (CRM) based on Sales Force Automation (SFA).

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: vtiger CRM File Disclosure Vulnerability

SECUNIA ADVISORY ID: SA28370

VERIFY ADVISORY: http://secunia.com/advisories/28370/

CRITICAL: Moderately critical

IMPACT: Exposure of sensitive information

WHERE:

From remote

SOFTWARE: vtiger CRM 5.x http://secunia.com/product/14762/

DESCRIPTION: A vulnerability has been reported in vtiger CRM, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to the application not correctly restricting access to e.g. the /test/wordtemplatedownload directory, which can be exploited to list and download directory contents.

SOLUTION: Restrict access to affected directories (e.g. via ".htaccess"). Renaming this file to ".htaccess" prohibits the listing of directory content.

PROVIDED AND/OR DISCOVERED BY: Reported in a bug by "pieper".

ORIGINAL ADVISORY: http://sourceforge.net/project/shownotes.php?release_id=567189

Bug #2107: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0340",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.2.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm rc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3458"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "pieper is credited with discovering this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "27228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-046"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2008-3458",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2008-3458",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-33583",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-3458",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-3458",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200808-046",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-33583",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2008-3458",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33583"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-3458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3458"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. vtiger CRM is prone to an information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. \nA remote attacker may exploit this vulnerability to retrieve arbitrary files that may contain potentially sensitive information. Information harvested may be used in further attacks. \nThis issue affects versions prior to  vtiger  CRM 5.0.4 RC. Vtiger CRM is an open source web-based customer relationship management system (CRM) based on Sales Force Automation (SFA). \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nvtiger CRM File Disclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA28370\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28370/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nExposure of sensitive information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nvtiger CRM 5.x\nhttp://secunia.com/product/14762/\n\nDESCRIPTION:\nA vulnerability has been reported in vtiger CRM, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation. \n\nThe vulnerability is caused due to the application not correctly\nrestricting access to e.g. the /test/wordtemplatedownload directory,\nwhich can be exploited to list and download directory contents. \n\nSOLUTION:\nRestrict access to affected directories (e.g. via \".htaccess\"). Renaming\nthis file to \".htaccess\" prohibits the listing of directory content. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported in a bug by \"pieper\". \n\nORIGINAL ADVISORY:\nhttp://sourceforge.net/project/shownotes.php?release_id=567189\n\nBug #2107:\nhttp://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      },
      {
        "db": "BID",
        "id": "27228"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33583"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-3458"
      },
      {
        "db": "PACKETSTORM",
        "id": "62490"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3458",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "27228",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "28370",
        "trust": 1.9
      },
      {
        "db": "OSVDB",
        "id": "40218",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-046",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-33583",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-3458",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "62490",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33583"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-3458"
      },
      {
        "db": "BID",
        "id": "27228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      },
      {
        "db": "PACKETSTORM",
        "id": "62490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3458"
      }
    ]
  },
  "id": "VAR-200808-0340",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33583"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2024-11-23T21:56:46.134000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2107",
        "trust": 0.8,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3458"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
      },
      {
        "trust": 1.9,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/27228"
      },
      {
        "trust": 1.8,
        "url": "http://wiki.vtiger.com/index.php/vtiger_crm_5.0.4_-_release_notes"
      },
      {
        "trust": 1.8,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/40218"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/28370"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3458"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3458"
      },
      {
        "trust": 0.3,
        "url": "http://www.vtiger.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28370/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14762/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33583"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-3458"
      },
      {
        "db": "BID",
        "id": "27228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      },
      {
        "db": "PACKETSTORM",
        "id": "62490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3458"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-33583"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-3458"
      },
      {
        "db": "BID",
        "id": "27228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      },
      {
        "db": "PACKETSTORM",
        "id": "62490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3458"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33583"
      },
      {
        "date": "2008-08-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2008-3458"
      },
      {
        "date": "2008-01-10T00:00:00",
        "db": "BID",
        "id": "27228"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      },
      {
        "date": "2008-01-10T22:33:57",
        "db": "PACKETSTORM",
        "id": "62490"
      },
      {
        "date": "2008-08-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-046"
      },
      {
        "date": "2008-08-04T19:41:00",
        "db": "NVD",
        "id": "CVE-2008-3458"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33583"
      },
      {
        "date": "2017-11-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2008-3458"
      },
      {
        "date": "2015-05-07T17:33:00",
        "db": "BID",
        "id": "27228"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-046"
      },
      {
        "date": "2024-11-21T00:49:18.470000",
        "db": "NVD",
        "id": "CVE-2008-3458"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-046"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger CRM Vulnerable to reading email merge templates",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003712"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-046"
      }
    ],
    "trust": 0.6
  }
}

ghsa-4j7j-qq59-23vv

Vulnerability from github

Published

2022-05-02 00:00

Modified

2022-05-02 00:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-08-04T19:41:00Z",
    "severity": "MODERATE"
  },
  "details": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.",
  "id": "GHSA-4j7j-qq59-23vv",
  "modified": "2022-05-02T00:00:30Z",
  "published": "2022-05-02T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3458"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28370"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
    },
    {
      "type": "WEB",
      "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
    },
    {
      "type": "WEB",
      "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
    },
    {
      "type": "WEB",
      "url": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/40218"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27228"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-3458 (GCVE-0-2008-3458)

Vulnerability from cvelistv5

fkie_cve-2008-3458

Vulnerability from fkie_nvd

gsd-2008-3458

Vulnerability from gsd

var-200808-0340

Vulnerability from variot

ghsa-4j7j-qq59-23vv

Vulnerability from github

Tags

Sightings

Nomenclature