Vulnerability Details : CVE-2013-3215
Public exploit exists!
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2013-3215
- cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3215
- EPSS score: 17.34% (probability of exploitation activity in the next 30 days)
- Percentile: ~95% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2013-3215
- vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
  Disclosure Date: 2013-03-26
  First seen: 2020-04-26
  exploit/multi/http/vtiger_soap_upload
  vTiger CRM allows a user to bypass authentication when requesting SOAP services. In addition, arbitrary file upload is possible through the AddEmailAttachment SOAP service. By combining both vulnerabilities an attacker can upload and execute PHP code. This mo
CVSS scores for CVE-2013-3215
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2013-3215
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3215
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86163
  Vtiger CRM validateSession() security bypass CVE-2013-3215 Vulnerability Report
  Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/61559
  vtiger CRM 'validateSession()' Authentication Bypass Vulnerability
  Third Party Advisory; VDB Entry