NVD

Id
29914  
Name
CVE-2014-1222  
Description
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2014-08-12  
Modified Date
2015-11-19  
Seq
2014-1222  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
157701 29914 CVE-2014-1222 http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.0.0/Add-ons/vtigercrm-600-security-patch1.zip/download  View
157702 29914 CVE-2014-1222 20140312 CVE-2014-1222 - Local File Inclusion in Vtiger CRM  View
157703 29914 CVE-2014-1222 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1222/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14924 JVNDB-2014-003799 Vtiger CRM の kcfinder/browse.php におけるディレクトリトラバーサルの脆弱性 Vtiger CRM の kcfinder/browse.php には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2014-1222 68508 CVE-2014-1222 29914 4 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003799.html 2014-03-11 2015-01-07 View