Arbitrary PHP Code Execution in vTiger CRM 4.2 and Earlier

Arbitrary PHP Code Execution in vTiger CRM 4.2 and Earlier

CVE-2005-3823 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.

Learn more about our Crm Penetration Testing.