ГлавнаяУязвимости → CVE-2023-46304
8.1высокая

CVE-2023-46304

Описание

modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load).

Затрагиваемое ПО
Vtiger Vtiger crm
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/Users/models/Module.phphttps://code.vtiger.com/vtiger/vtigercrm/-/commit/317f9ca88b6bbded11058f20a1d232717c360d43https://github.com/jselliott/CVE-2023-46304https://www.vtiger.com/https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/Users/models/Module.phphttps://code.vtiger.com/vtiger/vtigercrm/-/commit/317f9ca88b6bbded11058f20a1d232717c360d43https://github.com/jselliott/CVE-2023-46304https://www.vtiger.com/