Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-5009
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, a...
Vtiger Vtiger Crm 7.1.0
Vtiger Vtiger Crm
6.5
CVSSv2
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 5.4.0
1 EDB exploit
6.8
CVSSv2
CVE-2006-4587
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote malicious users to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 4.2.4
7.5
CVSSv2
CVE-2006-4588
vtiger CRM 4.2.4, and possibly earlier, allows remote malicious users to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 4.2
7.5
CVSSv2
CVE-2013-3214
vtiger CRM 5.4.0 and previous versions contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
Vtiger Vtiger Crm
2 EDB exploits
1 Github repository
4.3
CVSSv2
CVE-2005-3818
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a ...
Vtiger Vtiger Crm
2 EDB exploits
7.5
CVSSv2
CVE-2005-3819
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.
Vtiger Vtiger Crm
1 EDB exploit
6.4
CVSSv2
CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and previous versions allow remote malicious users to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) modul...
Vtiger Vtiger Crm
4.3
CVSSv2
CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via multiple vectors, including the account name.
Vtiger Vtiger Crm
7.5
CVSSv2
CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
Vtiger Vtiger Crm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »