CVE-2005-3823

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/15569", "name": "15569", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/17693", "name": "17693", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1015274", "name": "1015274", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2005/2569", "name": "ADV-2005-2569", "tags": [], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=full-disclosure&m=113290708121951&w=2", "name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.securityfocus.com/archive/1/417711/30/0/threaded", "name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-3823", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-11-26T02:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:39Z"}