V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2006-5289
CVE
HighConfirmedExploit available

Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a…

CVSS
7.5
High
EPSS
0.08
p93
Published
2006-01-01
Updated
2006-01-01
Description

Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php.

Affected products
Vtiger_crm
CVSS vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Timeline
2006-01-01
Published
2006-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Authentication
Au: N
None (N)
Confidentiality Impact
C: P
Partial
Integrity Impact
I: P
Partial
Availability Impact
A: P
Partial
Exploit indicators
EPSS
0.078 · p93
Known exploited (KEV)
No
Known exploits — Сканер-ВС
2508
exploitdb · https://www.exploit-db.com/exploits/2508
Enterprise
Affected products
Vtiger
Vtiger Crm
ProductVendorStatus
vtiger_crm*Tracked
Source databases
CVE