vtiger CRM Multiple Input Validation Vulnerabilities

vtiger CRM is prone to multiple input-validation vulnerabilities:

- A remote PHP code-execution vulnerability
- Multiple local file-include vulnerabilities
- A cross-site scripting vulnerability
- Multiple cross-site request-forgery vulnerabilities

Attackers can exploit these issues to execute arbitrary script code within the context of the webserver, perform unauthorized actions, compromise the affected application, steal cookie-based authentication credentials, or obtain information that could aid in further attacks.

The issues affect vtiger CRM 5.0.4; other versions may also be affected.


 

Copyright 2010, SecurityFocus