2018
08.01

Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution

Category: exploit / Tags: no tag / Add Comment

Vtiger version 6.3.0 CRM’s administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM version 6.3.0.

No Comment.

Add Your Comment

Your Comment

You must be logged in to post a comment.