CVE-2012-4867

Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary...

Basic Information

CVE State: PUBLISHED
Reserved Date: September 06, 2012
Published Date: September 06, 2012
Last Updated: September 17, 2024
Vendor: vtiger
Product: CRM
Description: Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.
Tags

CVSS Scores

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Score

Score: 4.71% (Percentile: 88.85%) as of 2025-06-13

Exploit Status

Exploited in the Wild: Yes (2022-09-28 00:00:00 UTC) Source

References

http://packetstormsecurity.org/files/111075/Vtiger-5.1.0-Local-File-Inclusion.html http://www.exploit-db.com/exploits/18635

Known Exploited Vulnerability Information

Source	Added Date
SANS Internet Storm Center	2025-06-09 08:35:45 UTC

Timeline

CVE ID Reserved

September 06, 2012
CVE Published to Public

September 06, 2012
Added to KEVIntel

June 09, 2025