Vulnerability Details : CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.
Vulnerability category: Directory traversal
Products affected by CVE-2005-3820
- cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3820
- EPSS score: 1.59% (probability of exploitation activity in the next 30 days)
- Percentile: ~87% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2005-3820
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST | |
References for CVE-2005-3820
- http://www.securityfocus.com/archive/1/417711/30/0/threaded
- http://www.securityfocus.com/archive/1/417730/30/0/threaded
- http://www.securityfocus.com/bid/15569
- http://www.vupen.com/english/advisories/2005/2569
- http://securitytracker.com/id?1015271
- http://www.hardened-php.net/advisory_232005.105.html (Vendor Advisory)
- http://marc.info/?l=full-disclosure&m=113290708121951&w=2
- http://securitytracker.com/id?1015274
- http://www.securityfocus.com/bid/15562 (Exploit)