Vulnerability Details : CVE-2013-3214
Public exploit exists!
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
Exploit prediction scoring system (EPSS) score for CVE-2013-3214
85.02%: probability of exploitation activity in the next 30 days
~ 98 %: percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-3214
- vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
  Disclosure Date: 2013-03-26
  First seen: 2020-04-26
  exploit/multi/http/vtiger_soap_upload
  vTiger CRM allows a user to bypass authentication when requesting SOAP services. In addition, arbitrary file upload is possible through the AddEmailAttachment SOAP service. By combining both vulnerabilities an attacker can upload and execute PHP code. This mo
CVSS scores for CVE-2013-3214
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2013-3214
- The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3214
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86164
  Vtiger CRM vtigerolservice.php file upload CVE-2013-3214 Vulnerability Report
  Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/61558
  vtiger CRM 'vtigerolservice.php' PHP Code Injection Vulnerability
  Third Party Advisory; VDB Entry
- http://www.exploit-db.com/exploits/30787
  vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit) - PHP remote Exploit
  Exploit; Third Party Advisory; VDB Entry
Products affected by CVE-2013-3214
- cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*