oss-sec mailing list archives
Re: CVE request: vtigercrm < 5.0.4
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 4 Aug 2008 14:49:11 -0400 (EDT)
======================================================
Name: CVE-2008-3458
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3458
Reference: MISC:http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=567189
Reference: CONFIRM:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107
Reference: CONFIRM:http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes
Reference: BID:27228
Reference: URL:http://www.securityfocus.com/bid/27228
Reference: OSVDB:40218
Reference: URL:http://www.osvdb.org/40218
Reference: SECUNIA:28370
Reference: URL:http://secunia.com/advisories/28370

Vtiger CRM before 5.0.4 stores sensitive information under the web
root with insufficient access control, which allows remote attackers
to read mail merge templates via a direct request to the
wordtemplatedownload directory.
Current thread:
- CVE request: vtigercrm < 5.0.4 Hanno Böck (Jul 31)
- Re: CVE request: vtigercrm < 5.0.4 Steven M. Christey (Aug 04)