[VIM] vtiger CRM 'module_name' Parameter Local File Include Vulnerability

George A. Theall theall at tenable.com
Wed Apr 25 19:36:51 CDT 2012

BID 47263 covers a local file inclusion vulnerability involving the 'module_name' parameter as used in the vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php script that John Leitch reported in April 2011 (http://packetstormsecurity.org/files/100182/vtiger-CRM-5.2.1-Local-File-Inclusion.html).

BID 52671 concerns what appears to be the same vulnerability, presumably based on EDB 18635 (which is now MIA) / 18770 / http://packetstormsecurity.org/files/111075/Vtiger-5.1.0-Local-File-Inclusion.html.


theall at tenablesecurity.com
