[Vtigercrm-developers] v5.4 documents question

Joe Bordes joe at tsolucio.com
Sat Apr 5 22:08:49 GMT 2014


Hi Richard,

Did you find anything about this?  Does this install have the 5.4 
Security patch applied?  There were fixes there for script injection.  
Just curious.

Joe
TSolucio


On 18/03/14 12:27, Richard Hills wrote:
> Hi guys
>
> I have seen a live unmodified 5.4 install which we have running as a 
> test for clients who want to see what vtiger can do end up with an 
> injected script inside of a normal documents structure 
> (/storage/year/month/week/filename.whatever).
>
> No entry was made to match this in the crmentity table or elsewhere, so 
> it seems to be some very large security hole.
>
> I'm just wondering if anyone can point me to the file which handles 
> these file uploads so I can get hunting for whatever has allowed this 
> to happen.
>
> Thank you


