[VIM] vtiger CRM 'module_name' Parameter Local File Include Vulnerability

Rob Keith rkeith at securityfocus.com
Thu Apr 26 10:13:35 CDT 2012

Hey George,

One and the same. We'll get that fixed up.


George A. Theall wrote:
> BID 47263 covers a local file inclusion vulnerability involving the 'module_name' parameter  as used in the vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php script that John Leitch reported in April 2011 (http://packetstormsecurity.org/files/100182/vtiger-CRM-5.2.1-Local-File-Inclusion.html). 
> BID 52671 concerns what appears to be the same vulnerability, presumably based on EDB 18635 (which is now MIA) / 18770 / http://packetstormsecurity.org/files/111075/Vtiger-5.1.0-Local-File-Inclusion.html.
> Rob?
> George

More information about the VIM mailing list