- Description
- The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "136EE594-73FB-4218-921E-0F5BEEE9F23B",
"versionEndIncluding": "4.2"
}
],
"operator": "OR"
}
]
}
]