Full title: vTigerCRM v5.4.0/v5.3.0 Authenticated Remote Code Execution 
Category: remote exploits
Platform: php
vTiger CRM allows an authenticated user to upload files to embed within documents. Due to insufficient privileges on the 'files' upload folder, an attacker can upload a PHP script and execute arbitrary PHP code remotely. This Metasploit module was tested against vTiger CRM v5.4.0 and v5.3.0.

# 0day.today @ http://0day.today/