CVE-2016-1713 in CRMinfo

Summary

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.


Responsible

Reservation: 01/12/2016

Disclosure: 04/14/2017

Entries: VDB-99877

CPE: ready

Exploit: Download

CVSS: 6.8

EPSS: 0.61943

Activities: Very Low
