CVE-2006-5289

Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php.

Score: 7.5
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Published: 2006-10-13 04:07:00.000-04
Last Modified: 2018-10-17 05:42:01.000-04

Vulnerable Software List

Vendor  Product     Versions
Vtiger  Vtiger Crm  4.2

References

Source      Link
MISC        http://advisories.echo.or.id/adv/adv54-theday-2006.txt
SREASON     1722
BUGTRAQ     20061009 [ECHO_ADV_54$2006]vtiger CRM <=4.2 (calpath) Multiple Remote File Inclusion Vulnerability
BID         20435
XF          vtiger-update-file-include(29416)
EXPLOIT-DB  2508