FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vtiger -- multiple remote file inclusion vulnerabilities

Affected packages
vtiger < 5.0

Details

VuXML ID: 2c8a84d9-5bee-11db-a5ae-00508d6a62df
Discovery: 2006-10-09
Entry: 2006-10-15

Dedi Dwianto, a.k.a. the_day, reports:

Input passed to the "$calpath" parameter in update.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

References

Bugtraq ID: 20435
CVE Name: CVE-2006-5289
Message: 20061009094328.15530.qmail@securityfocus.com
URL: http://advisories.echo.or.id/adv/adv54-theday-2006.txt