CVE-2016-1713

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:vtiger:vtiger_crm:6.4.0:*:*:*:*:*:*:*

Information

Published : 2017-04-14 11:59

Updated : 2018-04-01 18:29


NVD link : CVE-2016-1713

Mitre link : CVE-2016-1713


JSON object : View

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type

Advertisement

dedicated server usa

Products Affected

vtiger

  • vtiger_crm