Vulnerability Details : CVE-2016-1713
Public exploit exists!
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
Vulnerability category: Execute code
Products affected by CVE-2016-1713
- cpe:2.3:a:vtiger:vtiger_crm:6.4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1713
0.55%
Probability of exploitation activity in the next 30 days
EPSS Score History
~78%
Percentile: the proportion of vulnerabilities that are scored at or below this level
Metasploit modules for CVE-2016-1713
- Vtiger CRM - Authenticated Logo Upload RCE
  Disclosure Date: 2015-09-28
  First seen: 2020-04-26
  Module: exploit/multi/http/vtiger_logo_upload_exec
  Vtiger 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against vTig
CVSS scores for CVE-2016-1713
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C | 6.8 | 10.0 | NIST | |
7.3 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 | NIST | |
CWE ids for CVE-2016-1713
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1713
- http://b.fl7.de/2016/01/vtiger-crm-6.4-auth-rce.html
  Vtiger CRM 6.4 Authenticated Remote Code Execution (CVE-2016-1713) – Benjamin Daniel Mussler's InfoSec Blog (B.FL7.DE)
  Tags: Exploit; Technical Description; Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/01/12/4
  oss-security - CVE Request: Vtiger CRM 6.4 Authenticated Remote Code Execution
  Tags: Mailing List; Third Party Advisory
- https://www.exploit-db.com/exploits/44379/
  Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit)
- http://www.openwall.com/lists/oss-security/2016/01/12/7
  oss-security - Re: CVE Request: Vtiger CRM 6.4 Authenticated Remote Code Execution
  Tags: Mailing List