Vtiger CRM 5.0.4 Multiple Vulnerabilities - EDB Advisory

2009

18 August 2009

Event

N/A

What

CVE

cve vulnerability vtiger crm rce csrf lfi xss security-research advisory

On August 18, 2009, the Exploit-DB portal published an advisory on multiple vulnerabilities in Vtiger CRM 5.0.4, attributing the discovery to the USH team composed of Francesco “ascii” Ongaro, Giovanni “evilaliv3” Pellerano, and Antonio “s4tan” Parata. The technical bulletin documented serious flaws such as remote code execution, CSRF, local file inclusion, and XSS, with medium impact (CVSS 6/10). The vendor subsequently fixed the vulnerabilities with the release of version 5.1.0. Ongaro was cited both as a discoverer and as the author of the document, which was also associated with the copyright.

Archived PDF document