[VIM] vtiger CRM 'module_name' Parameter Local File Include Vulnerability
George A. Theall
theall at tenable.com
Wed Apr 25 19:36:51 CDT 2012
BID 47263 covers a local file inclusion vulnerability involving the 'module_name' parameter as used in the vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php script that John Leitch reported in April 2011 (http://packetstormsecurity.org/files/100182/vtiger-CRM-5.2.1-Local-File-Inclusion.html).
BID 52671 concerns what appears to be the same vulnerability, presumably based on EDB 18635 (which is now MIA) / 18770 / http://packetstormsecurity.org/files/111075/Vtiger-5.1.0-Local-File-Inclusion.html.
theall at tenablesecurity.com