{ "id": "CVE-2009-3250", "sourceIdentifier": "cve@mitre.org", "published": "2009-09-18T20:30:00.313", "lastModified": "2017-09-19T01:29:31.687", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/." }, { "lang": "es", "value": "El procedimiento \"saveForwardAttachments\" de la funcionalidad \"Crear correo\" de vtiger CRM v5.0.4 permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n creando un mensaje de correo electr\u00f3nico con un fichero adjunto cuyo nombre acabe en (1) .php en entornos basados en configuraciones determinadas del servidor HTTP Apache, (2) .php. en Windows, o (3) .php/ en Linux; y, a continuaci\u00f3n, realizando una petici\u00f3n directa a una ruta de directorio bajo storage/." 
} ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0 }, "baseSeverity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84AE51A9-59AF-47F9-8AFC-5219505FD170" } ] } ] } ], "references": [ { "url": "http://marc.info/?l=bugtraq&m=125060676515670&w=2", "source": "cve@mitre.org" }, { "url": "http://www.exploit-db.com/exploits/9450", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/36062", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.vupen.com/english/advisories/2009/2319", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] } ] }