Vulnerability Description
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vtiger | Vtiger Crm | <= 4.2 |
References
- http://marc.info/?l=full-disclosure&m=113290708121951&w=2
- http://secunia.com/advisories/17693Vendor Advisory
- http://securitytracker.com/id?1015274
- http://www.securityfocus.com/archive/1/417711/30/0/threaded
- http://www.securityfocus.com/bid/15569
- http://www.vupen.com/english/advisories/2005/2569
- http://marc.info/?l=full-disclosure&m=113290708121951&w=2
- http://secunia.com/advisories/17693Vendor Advisory
- http://securitytracker.com/id?1015274
- http://www.securityfocus.com/archive/1/417711/30/0/threaded
- http://www.securityfocus.com/bid/15569
- http://www.vupen.com/english/advisories/2005/2569
FAQ
What is CVE-2005-3823?
CVE-2005-3823 is a vulnerability with a CVSS score of 7.5 (HIGH). The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.
How severe is CVE-2005-3823?
CVE-2005-3823 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3823?
Check the references section above for vendor advisories and patch information. Affected products include: Vtiger Vtiger Crm.