Test ID:	1.3.6.1.4.1.25623.1.0.808752
Category:	Web application abuses
Title:	VTiger CRM Privilege Escalation and Unrestricted File Upload Vulnerability
Summary:	VTiger CRM is prone to a privilege escalation and unrestricted file upload vulnerability.
Description:	Summary: VTiger CRM is prone to a privilege escalation and unrestricted file upload vulnerability. Vulnerability Insight: The flaw is due to: - 'modules/Users/actions/Save.php' script does not properly restrict user-save actions - Settings_Vtiger_CompanyDetailsSave_Action class in 'modules/Settings/Vtiger/actions/CompanyDetailsSave.php' allosw uploading a crafted image file with an executable extension. Vulnerability Impact: Successful exploitation will allow remote authenticated users to execute arbitrary code or to create or modify user accounts via unspecified vectors. Affected Software/OS: VTiger CRM before version 6.5.0. Solution: Upgrade to vTiger CRM version 6.5.0 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4834 BugTraq ID: 92076 http://www.securityfocus.com/bid/92076 http://jvn.jp/en/jp/JVN01956993/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000126 http://www.securitytracker.com/id/1036485 Common Vulnerability Exposure (CVE) ID: CVE-2016-1713 https://www.exploit-db.com/exploits/44379/ http://b.fl7.de/2016/01/vtiger-crm-6.4-auth-rce.html http://www.openwall.com/lists/oss-security/2016/01/12/4 http://www.openwall.com/lists/oss-security/2016/01/12/7
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.