CVE

Id
40685  
CVE No.
CVE-2009-3250  
Status
Candidate  
Description
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.  
Phase
Assigned (20090918)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
446429 40685 CVE-2009-3250 BUGTRAQ:20090818 Vtiger CRM 5.0.4 Multiple Vulnerabilities  View
446430 40685 CVE-2009-3250 URL:http://marc.info/?l=bugtraq&m=125060676515670&w=2  View
446431 40685 CVE-2009-3250 MILW0RM:9450  View
446432 40685 CVE-2009-3250 URL:http://www.milw0rm.com/exploits/9450  View
446433 40685 CVE-2009-3250 MISC:http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/  View
446434 40685 CVE-2009-3250 MISC:http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt  View
446435 40685 CVE-2009-3250 BID:36062  View
446436 40685 CVE-2009-3250 URL:http://www.securityfocus.com/bid/36062  View
446437 40685 CVE-2009-3250 OSVDB:57237  View
446438 40685 CVE-2009-3250 URL:http://www.osvdb.org/57237  View
446439 40685 CVE-2009-3250 SECUNIA:36309  View
446440 40685 CVE-2009-3250 URL:http://secunia.com/advisories/36309  View
446441 40685 CVE-2009-3250 VUPEN:ADV-2009-2319  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
45312 JVNDB-2009-006319 Ultimate Player におけるスタックベースのバッファオーバーフローの脆弱性 Ultimate Player には、スタックベースのバッファオーバーフローの脆弱性が存在します。 CVE-2009-3254 40685 9.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-006319.html  View