
Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution

Posted by deepcore on August 1, 2018 – 2:04 am

The administration interface of Vtiger CRM version 6.3.0 allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Vtiger CRM version 6.3.0.
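The server-side check whose absence makes this upload dangerous, as an added example that is not Vtiger's code or part of the original post. The function name `safe_logo_name`, the `LOGO_TYPES` allowlist and the sample files are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: detected image type => extension the server assigns.
const LOGO_TYPES = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];

/**
 * Returns a server-generated file name for an acceptable logo, or null to reject.
 */
function safe_logo_name(string $tmpPath, string $clientName): ?string
{
    // 1. The client-supplied extension must be on the allowlist.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    // 2. The content itself must parse as an allowed image type;
    //    the request's Content-Type header is never consulted.
    if (filesize($tmpPath) < 12) {
        return null;
    }
    $info = getimagesize($tmpPath);
    if ($info === false || !isset(LOGO_TYPES[$info[2]])) {
        return null;
    }
    // 3. Defense in depth: refuse files whose bytes contain a PHP open tag.
    $bytes = file_get_contents($tmpPath);
    if ($bytes === false || preg_match('/<\?(php|=)/i', $bytes) === 1) {
        return null;
    }
    // 4. Name and extension come from the server, never from the request.
    return bin2hex(random_bytes(16)) . '.' . LOGO_TYPES[$info[2]];
}

// Constructed sample inputs: a minimal 1x1 GIF header and two non-image text files.
$samples = [
    'logo.gif' => 'GIF89a' . pack('vvCCC', 1, 1, 0, 0, 0) . ';',
    'logo.php' => "<?php echo 'not an image'; ?>",
    'fake.gif' => "<?php echo 'renamed, still not an image'; ?>",
];
foreach ($samples as $name => $content) {
    $tmp = tempnam(sys_get_temp_dir(), 'logo');
    file_put_contents($tmp, $content);
    printf("%-9s => %s\n", $name, safe_logo_name($tmp, $name) ?? 'rejected');
    unlink($tmp);
}
```

Accepted files should additionally be stored in a directory where the web server does not execute PHP, so that a file that slips past validation is still served as static content.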

