Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vtiger crm 5.4.0 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 5.4.0
1 EDB exploit
7.5
CVSSv2
CVE-2013-3215
vtiger CRM 5.4.0 and previous versions contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
Vtiger Vtiger Crm
1 EDB exploit
6.8
CVSSv2
CVE-2013-3212
vtiger CRM 5.4.0 and previous versions contain local file-include vulnerabilities in 'customerportal.php' which allows remote malicious users to view files and execute local script code.
Vtiger Vtiger Crm
1 EDB exploit
7.5
CVSSv2
CVE-2013-3214
vtiger CRM 5.4.0 and previous versions contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
Vtiger Vtiger Crm
2 EDB exploits
1 Github repository
5
CVSSv2
CVE-2014-2268
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote malicious users to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP co...
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 5.0.2
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 5.4.0
Vtiger Vtiger Crm 6.0.0
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 5.0.1
Vtiger Vtiger Crm 5.2.0
Vtiger Vtiger Crm 5.3.0
1 EDB exploit
4
CVSSv2
CVE-2014-1222
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM prior to 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KC...
Vtiger Vtiger Crm
3 EDB exploits
7.5
CVSSv2
CVE-2013-3213
Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 up to and including 5.4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_l...
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.4.0
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 5.0.1
Vtiger Vtiger Crm 5.2.0
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm 5.0.2
1 EDB exploit
4.3
CVSSv2
CVE-2013-7326
Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote malicious users to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) ...
Vtiger Vtiger Crm 5.4.0
6.5
CVSSv2
CVE-2013-5091
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 5.2.0
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 5.0.2
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started