Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vtiger crm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-22807
An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.
Vtiger Vtiger Crm 7.2.0
9.8
CVSSv3
CVE-2013-3215
vtiger CRM 5.4.0 and previous versions contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
Vtiger Vtiger Crm
1 EDB exploit
9.8
CVSSv3
CVE-2013-3214
vtiger CRM 5.4.0 and previous versions contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
Vtiger Vtiger Crm
2 EDB exploits
1 Github repository
8.8
CVSSv3
CVE-2023-38891
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated malicious user to escalate privileges via the getQueryColumnsList function in ReportRun.php.
Vtiger Vtiger Crm 7.5.0
1 Github repository
8.8
CVSSv3
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 5.4.0
1 EDB exploit
8.8
CVSSv3
CVE-2015-6000
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and previous versions allows remote authenticated users to execute arbitrary code by uploading a file with a...
Vtiger Vtiger Crm
1 EDB exploit
8.8
CVSSv3
CVE-2019-19202
In Vtiger 7.x prior to 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.
Vtiger Vtiger Crm
8.8
CVSSv3
CVE-2016-10754
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.
Vtiger Vtiger Crm 6.5.0
8.8
CVSSv3
CVE-2019-11057
SQL injection vulnerability in Vtiger CRM prior to 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
Vtiger Vtiger Crm 7.1.0
Vtiger Vtiger Crm
8.1
CVSSv3
CVE-2013-3212
vtiger CRM 5.4.0 and previous versions contain local file-include vulnerabilities in 'customerportal.php' which allows remote malicious users to view files and execute local script code.
Vtiger Vtiger Crm
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »