CVE-2005-3823 Information

Description

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter which is passed to the eval function.

Reference

http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://secunia.com/advisories/17693 http://securitytracker.com/id?1015274 http://www.securityfocus.com/archive/1/417711/30/0/threaded http://www.securityfocus.com/bid/15569 http://www.vupen.com/english/advisories/2005/2569