CVE-2009-3249 Information
Description
Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through any of the following module Ajax front-ends:

modules/Campaigns/CampaignsAjax.php
modules/SalesOrder/SalesOrderAjax.php
modules/System/SystemAjax.php
modules/Products/ProductsAjax.php
modules/uploads/uploadsAjax.php
modules/Dashboard/DashboardAjax.php
modules/Potentials/PotentialsAjax.php
modules/Notes/NotesAjax.php
modules/Faq/FaqAjax.php
modules/Quotes/QuotesAjax.php
modules/Utilities/UtilitiesAjax.php
modules/Calendar/ActivityAjax.php
modules/Calendar/CalendarAjax.php
modules/PurchaseOrder/PurchaseOrderAjax.php
modules/HelpDesk/HelpDeskAjax.php
modules/Invoice/InvoiceAjax.php
modules/Accounts/AccountsAjax.php
modules/Reports/ReportsAjax.php
modules/Contacts/ContactsAjax.php
modules/Portal/PortalAjax.php

The same vulnerabilities also allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files.
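The following Python script is an added example and is not code from vtiger CRM or from any of the advisories referenced on this page. It uses only what the description above states: the affected endpoints (graph.php, include/Ajax/CommonAjax.php and the modules/*/…Ajax.php front-ends, index.php with an Import action) and the three parameters (module, file, step) that accept a .. path segment. It does two things a defender would want: scans access-log lines for traversal attempts against those endpoints, decoding percent-encoding repeatedly so that double-encoded payloads (a generalisation beyond the plain .. in the CVE text) are still caught, and shows the allowlist check that removes the bug class, in place of building an include path from a user-supplied module name. The log lines, the /vtigercrm/ install prefix and the file names in the payloads are constructed for the example and are not taken from any real incident.

```python
"""Detect CVE-2009-3249-style traversal attempts against vtiger CRM 5.0.4
endpoints, and show the allowlist check that prevents the bug class.
Added example: not vtiger code. All log lines below are constructed."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters and endpoints named in the CVE description.
TRAVERSAL_PARAMS = ("module", "file", "step")
AJAX_ENDPOINT_RE = re.compile(r"^/(?:[^/]+/)*modules/[^/]+/[^/]+Ajax\.php$")
OTHER_ENDPOINTS = ("graph.php", "include/Ajax/CommonAjax.php", "index.php")

# Constructed Common Log Format lines (assumed /vtigercrm/ install prefix).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Aug/2009:10:00:01 +0000] "GET /vtigercrm/graph.php?module=Accounts HTTP/1.1" 200 512',
    '203.0.113.7 - - [18/Aug/2009:10:00:02 +0000] "GET /vtigercrm/graph.php?module=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2048',
    '198.51.100.9 - - [18/Aug/2009:10:00:03 +0000] "GET /vtigercrm/modules/Contacts/ContactsAjax.php?file=%252e%252e%252f%252e%252e%252fconfig.inc.php HTTP/1.1" 200 900',
    '198.51.100.9 - - [18/Aug/2009:10:00:04 +0000] "GET /vtigercrm/index.php?module=Leads&action=Import&step=../../../../tmp/x HTTP/1.1" 302 0',
    '192.0.2.5 - - [18/Aug/2009:10:00:05 +0000] "GET /vtigercrm/index.php?module=Leads&action=DetailView HTTP/1.1" 200 4096',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so '%252e%252e' is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_dot_dot_segment(value):
    """True if a '..' path segment survives decoding and separator folding."""
    folded = fully_decode(value).replace("\\", "/")
    return any(seg == ".." for seg in folded.split("/"))


def is_affected_endpoint(path):
    """Match the endpoints from the CVE text; index.php is matched anywhere,
    which is deliberately broad (the Import action is only one of its routes)."""
    p = "/" + path.lstrip("/")
    if AJAX_ENDPOINT_RE.match(p):
        return True
    return any(p.endswith(e) for e in OTHER_ENDPOINTS)


def classify_request(target):
    """Return the name of the first traversal-carrying parameter (module, file
    or step) in a request to an affected endpoint, else None."""
    parts = urlsplit(target)
    if not is_affected_endpoint(parts.path):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    for name in TRAVERSAL_PARAMS:
        if any(has_dot_dot_segment(v) for v in qs.get(name, [])):
            return name
    return None


def scan_access_log(lines):
    """Return (client_ip, request_target, parameter) for every flagged line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        param = classify_request(m["target"])
        if param:
            hits.append((m["ip"], m["target"], param))
    return hits


# The fix pattern: never build an include path from raw user input.
MODULE_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


def resolve_module_file(module, allowed_modules, base="modules"):
    """Allowlist-based replacement for 'include modules/$module/$module.php':
    refuse anything that is not a plain identifier in the known module set,
    so a '..' segment can never reach the filesystem."""
    if not MODULE_NAME_RE.match(module) or module not in allowed_modules:
        raise ValueError("unknown module: %r" % module)
    return "%s/%s/%s.php" % (base, module, module)


if __name__ == "__main__":
    for ip, target, param in scan_access_log(SAMPLE_LOG):
        print("traversal via %-6s from %-13s %s" % (param, ip, target))
```

Run against the constructed log the script flags three of the five lines (the module, file and step attempts) and leaves the two ordinary requests alone. The allowlist function is the shape of check the description implies was missing: a module name is an identifier chosen from a fixed set, never a path.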
References
http://marc.info/?l=bugtraq&m=125060676515670&w=2
http://secunia.com/advisories/36309
http://securityreason.com/securityalert/8118
http://www.exploit-db.com/exploits/9450
http://www.osvdb.org/57239
http://www.securityfocus.com/bid/36062
http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
http://www.vupen.com/english/advisories/2009/2319