Full title: Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution Exploit 
Category: remote exploits
Platform: php
Vtiger version 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM version 6.3.0.

# 0day.today @ http://0day.today/