Local File Inclusion Vulnerability in vtiger CRM by vtiger
CVE-2013-3212

8.1HIGH

Key Information:

Vendor: Vtiger
Status: Vtiger Crm
Vendor: CVE Published:; 28 January 2020

What is CVE-2013-3212?

The vtiger CRM versions up to 5.4.0 are susceptible to local file inclusion vulnerabilities found in 'customerportal.php'. This issue permits remote attackers to access sensitive files and execute arbitrary local script code, potentially compromising the integrity and confidentiality of the affected system. Safeguarding against such vulnerabilities is crucial to maintaining secure and reliable operations.

References

http://www.exploit-db.com/exploits/27279

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/61560

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/86162

vdb-entryx_refsource_XF

EPSS Score

21% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2020
Vulnerability Reserved
Apr 20, 2013

Vtiger

What is CVE-2013-3212?

References

EPSS Score

CVSS V3.1

Timeline