Arbitrary PHP Code Execution in vTiger CRM by vTiger
CVE-2013-3591

8.8HIGH

Key Information:

Vendor: Vtiger Crm
Status: Vtiger Crm
Vendor: CVE Published:; 7 February 2020

What is CVE-2013-3591?

The vulnerability in vTiger CRM versions 5.3 and 5.4 allows for arbitrary PHP code execution through the 'files' upload folder. Attackers can exploit this flaw by uploading malicious PHP scripts, which can then be executed on the server. This can lead to unauthorized access and control over the compromised system, potentially impacting sensitive data and operations. It is crucial for users of vTiger CRM to implement security measures to mitigate the risk of exploitation.

Affected Version(s)

vTiger CRM 5.3

vTiger CRM 5.4

References

https://community.rapid7.com/community/metasploit/blog/20...

x_refsource_MISC

https://community.rapid7.com/community/metasploit/blog/20...

x_refsource_MISC

http://www.securityfocus.com/bid/63454

x_refsource_MISC

EPSS Score

79% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2020
Vulnerability Reserved
May 21, 2013

JSON

Vtiger Crm

What is CVE-2013-3591?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline