[VIM] vtiger CRM 'module_name' Parameter Local File Include Vulnerability
rkeith at securityfocus.com
Thu Apr 26 10:13:35 CDT 2012
One and the same. We'll get that fixed up.
George A. Theall wrote:
> BID 47263 covers a local file inclusion vulnerability involving the 'module_name' parameter as used in the vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php script that John Leitch reported in April 2011 (http://packetstormsecurity.org/files/100182/vtiger-CRM-5.2.1-Local-File-Inclusion.html).
> BID 52671 concerns what appears to be the same vulnerability, presumably based on EDB 18635 (which is now MIA) / 18770 / http://packetstormsecurity.org/files/111075/Vtiger-5.1.0-Local-File-Inclusion.html.
More information about the VIM