CVE-2023-46304

{"id": "CVE-2023-46304", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2024-04-30T13:15:46.763", "references": [{"url": "https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/Users/models/Module.php", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://code.vtiger.com/vtiger/vtigercrm/-/commit/317f9ca88b6bbded11058f20a1d232717c360d43", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/jselliott/CVE-2023-46304", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://www.vtiger.com/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/Users/models/Module.php", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://code.vtiger.com/vtiger/vtigercrm/-/commit/317f9ca88b6bbded11058f20a1d232717c360d43", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jselliott/CVE-2023-46304", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.vtiger.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load)."}, {"lang": "es", "value": "module/Users/models/Module.php en Vtiger CRM 7.5.0 permite que un atacante remoto autenticado ejecute c\u00f3digo PHP arbitrario porque un endpoint desprotegido le permite escribir este c\u00f3digo en el archivo config.inc.php (ejecutado en cada carga de p\u00e1gina) ."}], "lastModified": "2025-04-22T17:53:58.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vtiger:vtiger_crm:7.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ED159B0-85DF-49E3-8C5E-E82F215A3E1C"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}