PHP Code Injection Vulnerability in vtiger CRM by vtiger
CVE-2013-3214

9.8CRITICAL

Key Information:

Vendor: Vtiger
Status: Vtiger Crm
Vendor: CVE Published:; 28 January 2020

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 89%

What is CVE-2013-3214?

vtiger CRM versions 5.4.0 and earlier are susceptible to a PHP code injection vulnerability in the 'vtigerolservice.php' file. This flaw allows attackers to inject malicious PHP code, potentially leading to unauthorized access and control over the affected systems. Administrators should ensure they apply the necessary patches and remain vigilant against exploitation attempts that could compromise CRM data.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-3214
Created by shadofren

References

http://www.exploit-db.com/exploits/30787

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/61558

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/86164

vdb-entryx_refsource_XF

EPSS Score

89% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 6, 2020
👾
Exploit known to exist
Aug 6, 2020
Vulnerability published
Jan 28, 2020
Vulnerability Reserved
Apr 20, 2013

Vtiger

Badges

What is CVE-2013-3214?

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V3.1

Timeline