vTiger Vulnerability

Added by Warren Kelley over 11 years ago

A vulnerability has been found recently in Vtiger.

This vulnerability is different from the previously reported one about sortfieldsjson.

Currently an attacker could exploit this security bug so that he can, without authentication, upload PHP code and then run it under the context of the web server.

I just updated my vTigercrm for another environment I use. Someone at Goautodial may want to verify or negate this as being an issue with goautodial's vtiger version!

Regards

Leftist


Replies (2)

RE: vTiger Vulnerability - Added by Levy Ryan Nolasco over 11 years ago

Hi Warren,

Please post your server details together with installation method and VTiger crm version.

Regards,
Ryan

RE: vTiger Vulnerability - Added by Warren Kelley over 11 years ago

This was brought to my attention by a posting for another product that I use with asterisk core. However it should still be relevant to all vTiger installations @ 5.1.

It's a vulnerability of vtiger, not for goautodial or centos. The other environment is a PBX system called Elastix that includes vtiger as an add-on product.

Again, I only posted it because of the installation of "vtiger" in general on a system. I realize that there isn't true integration of vtiger per se with goautodial.

If I am incorrect in bringing this up for Goautodial group, I apologize in advance, however, I love this product, and I don't want ANYTHING to cause anyone using it to suffer because of patch-able modules that aren't necessarily part of the whole!

Regards

Here is the link with reference to the issue in general. I hope it helps, and I hope it's not relevant to Goautodial environments.

http://www2.elastix.org/index.php/en/appliances/889-critical-vulnerability-vtiger.html

Maybe all that turkey I consumed has deadened my brain!

:)
