var-202001-0885
Vulnerability from variot
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. vtiger CRM Contains an injection vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. vtiger CRM is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. This may allow the attacker to compromise the application; other attacks are also possible. vtiger CRM 5.4.0 and prior are vulnerable. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability comes from the fact that the program does not properly filter the input submitted by the user. --------------------------------------------------------------------------------- vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities
[-] Software Link:
http://www.vtiger.com/
[-] Affected Versions:
[1] All versions from 5.1.0 to 5.4.0. [2] All versions from 5.2.0 to 5.4.0.
[-] Vulnerability Description:
1) The vulnerable code is located in the get_list_values SOAP method defined in /soap/customerportal.php:
- function get_list_values($id,$module,$sessionid,$only_mine='true')
- {
- require_once('modules/'.$module.'/'.$module.'.php');
- require_once('include/utils/UserInfoUtil.php');
- global $adb,$log,$current_user;
- $log->debug("Entering customer portal function get_list_values");
2) The vulnerable code is located in the get_project_components SOAP method defined in /soap/customerportal.php:
- function get_project_components($id,$module,$customerid,$sessionid) {
- require_once("modules/$module/$module.php");
- require_once('include/utils/UserInfoUtil.php');
- global $adb,$log;
- $log->debug("Entering customer portal function get_project_components ..");
The vulnerabilities exist because these methods fail to properly validate input passed through the "module" parameter, that is being used in a call to the require_once() function (lines 1530 and 2779). This might be exploited to include arbitrary local files containing malicious PHP code. Successful exploitation of these vulnerabilities requires the application running on PHP < 5.3.4, because a null byte injection is required.
[-] Solution:
Apply the vendor patch:http://www.vtiger.com/blogs/?p=1467
[-] Disclosure Timeline:
[13/01/2013] - Vendor notified [06/02/2013] - Vendor asked feedback abouthttp://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848 [05/03/2013] - Feedback provided to the vendor [26/03/2013] - Vendor patch released [18/04/2013] - CVE number requested [20/04/2013] - CVE number assigned [01/08/2013] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3212 to these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2013-05
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0885",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.8,
"vendor": "vtiger",
"version": "5.4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger",
"version": null
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.1"
}
],
"sources": [
{
"db": "BID",
"id": "61560"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Egidio Romano",
"sources": [
{
"db": "BID",
"id": "61560"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3212",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-3212",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-63214",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2013-3212",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-3212",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3212",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3212",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-011",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-63214",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in \u0027customerportal.php\u0027 which allows remote attackers to view files and execute local script code. vtiger CRM Contains an injection vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. vtiger CRM is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. This may allow the attacker to compromise the application; other attacks are also possible. \nvtiger CRM 5.4.0 and prior are vulnerable. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability comes from the fact that the program does not properly filter the input submitted by the user. ---------------------------------------------------------------------------------\nvtiger CRM \u003c= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities\n---------------------------------------------------------------------------------\n\n\n[-] Software Link:\n\nhttp://www.vtiger.com/\n\n\n[-] Affected Versions:\n\n[1] All versions from 5.1.0 to 5.4.0. \n[2] All versions from 5.2.0 to 5.4.0. \n\n\n[-] Vulnerability Description:\n\n1) The vulnerable code is located in the get_list_values SOAP method defined in /soap/customerportal.php:\n\n1528. \tfunction get_list_values($id,$module,$sessionid,$only_mine=\u0027true\u0027)\n1529. \t{\n1530. \t\trequire_once(\u0027modules/\u0027.$module.\u0027/\u0027.$module.\u0027.php\u0027);\n1531. \t\trequire_once(\u0027include/utils/UserInfoUtil.php\u0027);\n1532. \t\tglobal $adb,$log,$current_user;\n1533. \t\t$log-\u003edebug(\"Entering customer portal function get_list_values\");\n\n2) The vulnerable code is located in the get_project_components SOAP method defined in /soap/customerportal.php:\n\n2778. \tfunction get_project_components($id,$module,$customerid,$sessionid) {\n2779. \t\trequire_once(\"modules/$module/$module.php\");\n2780. \t\trequire_once(\u0027include/utils/UserInfoUtil.php\u0027);\n2781. \t\n2782. \t\tglobal $adb,$log;\n2783. \t\t$log-\u003edebug(\"Entering customer portal function get_project_components ..\");\n\nThe vulnerabilities exist because these methods fail to properly validate input passed through the \"module\"\nparameter, that is being used in a call to the require_once() function (lines 1530 and 2779). This might be\nexploited to include arbitrary local files containing malicious PHP code. Successful exploitation of these\nvulnerabilities requires the application running on PHP \u003c 5.3.4, because a null byte injection is required. \n\n\n[-] Solution:\n\nApply the vendor patch:http://www.vtiger.com/blogs/?p=1467\n\n\n[-] Disclosure Timeline:\n\n[13/01/2013] - Vendor notified\n[06/02/2013] - Vendor asked feedback abouthttp://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848\n[05/03/2013] - Feedback provided to the vendor\n[26/03/2013] - Vendor patch released\n[18/04/2013] - CVE number requested\n[20/04/2013] - CVE number assigned\n[01/08/2013] - Public disclosure\n\n\n[-] CVE Reference:\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org)\nhas assigned the name CVE-2013-3212 to these vulnerabilities. \n\n\n[-] Credits:\n\nVulnerabilities discovered by Egidio Romano. \n\n\n[-] Original Advisory:\n\nhttp://karmainsecurity.com/KIS-2013-05\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3212"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "BID",
"id": "61560"
},
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "PACKETSTORM",
"id": "122637"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-63214",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3212",
"trust": 2.9
},
{
"db": "BID",
"id": "61560",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "27279",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "122637",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-80894",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-63214",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "BID",
"id": "61560"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "PACKETSTORM",
"id": "122637"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"id": "VAR-202001-0885",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
}
],
"trust": 0.62916664
},
"last_update_date": "2024-08-14T13:25:07.625000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.vtiger.com/"
},
{
"title": "Vtiger CRM customerportal.php Multiple local files contain bug fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109038"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.1
},
{
"problemtype": "injection (CWE-74) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86162"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/61560"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/27279"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3212"
},
{
"trust": 0.4,
"url": "http://www.vtiger.com/"
},
{
"trust": 0.1,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848"
},
{
"trust": 0.1,
"url": "http://www.vtiger.com/blogs/?p=1467"
},
{
"trust": 0.1,
"url": "http://karmainsecurity.com/kis-2013-05"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "BID",
"id": "61560"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "PACKETSTORM",
"id": "122637"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "BID",
"id": "61560"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "PACKETSTORM",
"id": "122637"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-63214"
},
{
"date": "2013-08-01T00:00:00",
"db": "BID",
"id": "61560"
},
{
"date": "2020-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"date": "2013-08-01T17:27:27",
"db": "PACKETSTORM",
"id": "122637"
},
{
"date": "2013-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-011"
},
{
"date": "2020-01-28T21:15:11.637000",
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-63214"
},
{
"date": "2013-08-01T00:00:00",
"db": "BID",
"id": "61560"
},
{
"date": "2020-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"date": "2020-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-011"
},
{
"date": "2020-02-03T18:52:20.870000",
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger\u00a0CRM\u00a0 Vulnerability in injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…