J-Security Center

Title: VTiger CRM Multiple Input Validation Vulnerabilities

Severity: HIGH

Description:

vtiger is an open source customer relationship management system (CRM) implemented in PHP.

vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

vtiger is prone to an SQL injection vulnerability. This issue affects the 'record' parameter of the 'Contacts' module. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

vtiger is prone to an arbitrary local file include vulnerability. This issue is due to the 'templatename' parameter of the 'TemplateMerge' action not being properly sanitized. An attacker can supply the location of an arbitrary local file through that parameter; that file is then processed through an eval() call. An attacker can exploit this issue to evaluate arbitrary local files. This vulnerability can be exploited in conjunction with the following upload vulnerability to execute arbitrary attacker-supplied code.

The 'add2db' action of the 'uploads' module does not perform any sanitization on uploaded files. This permits an attacker to upload arbitrary PHP files that can possibly later be called through a GET request, ultimately executing the malicious code in the context of the Web server process.
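As an added illustration of the mitigations the advisory implies (example code, not vtiger's own), here is a hypothetical PHP validation layer for the three parameters named above: 'record' is accepted only as an integer and bound through a prepared statement, 'templatename' is resolved through a fixed allowlist so it can never name a path or reach eval(), and uploads are checked by extension and stored under a random name outside the document root. The table, column, template and directory names are assumptions.

```php
<?php
// Hypothetical hardening for the parameters named in the advisory.
// Not vtiger code; table, column, template and directory names are assumptions.

// 1. 'record' (Contacts module): accept digits only and bind as an integer,
//    so the value can never alter the SQL statement.
function fetchContact(PDO $db, string $record): ?array {
    if (!ctype_digit($record) || strlen($record) > 10) {
        return null;                       // reject anything that is not a plain id
    }
    $stmt = $db->prepare('SELECT * FROM contacts WHERE contact_id = :id');
    $stmt->bindValue(':id', (int) $record, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 2. 'templatename' (TemplateMerge action): never build a filesystem path or
//    an eval() argument from user input; map the name through an allowlist.
const TEMPLATE_DIR = __DIR__ . '/templates';                   // assumed location
const TEMPLATE_ALLOWLIST = ['quote' => 'quote.tpl', 'invoice' => 'invoice.tpl'];

function resolveTemplate(string $templatename): ?string {
    if (!array_key_exists($templatename, TEMPLATE_ALLOWLIST)) {
        return null;                       // unknown or path-like names are refused
    }
    return TEMPLATE_DIR . '/' . TEMPLATE_ALLOWLIST[$templatename];
}

// 3. 'add2db' (uploads module): allowlist the extension, discard the client's
//    file name, and store the file outside the web root under a random name.
const UPLOAD_ALLOWLIST = ['pdf', 'png', 'jpg', 'txt'];

function storeUpload(array $file, string $dir): ?string {
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, UPLOAD_ALLOWLIST, true)) {
        return null;                       // .php, .phtml, .phar and friends never pass
    }
    // Random name: nothing from the request influences the stored path.
    $dest = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}
```

Because $dir is expected to sit outside the document root, a stored file cannot be reached by a later GET request even if the extension check were ever bypassed.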

Several of the issues disclosed by SEC-CONSULT in their referenced security advisory were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger.

Affected Products:

  • vtiger vtiger CRM 4.2.0
