[Vtigercrm-commits] [Vtiger development] #7903: SOAP AddEmailAttachment Arbitrary File Upload
Vtiger development
vtiger-tickets at trac.vtiger.com
Thu Jan 16 10:10:36 GMT 2014
#7903: SOAP AddEmailAttachment Arbitrary File Upload
-----------------------+-------------------------
Reporter: prasad | Owner: developer
Type: defect | Status: new
Priority: major | Milestone: Unassigned
Component: vtigercrm | Version: 5.4.0
Severity: Medium | Resolution:
Keywords: |
-----------------------+-------------------------
Comment (by prasad):
If an attacker gains access to an established active SOAP session of the
Outlook plugin, they may end up exploiting files:
http://www.exploit-db.com/exploits/30787/
NOTE: You can safely delete the file vtigerolservice.php if you are on
Vtiger 5.4.0 or 6.0, as the Outlook plugin uses the Webservices API instead
of SOAP.
--
Ticket URL: <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7903#comment:1>
Vtiger development <http://trac.vtiger.com/>
Vtiger CRM