Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vtiger crm vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-5009
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, a...
Vtiger Vtiger Crm 7.1.0
Vtiger Vtiger Crm
6.5
CVSSv2
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 5.4.0
1 EDB exploit
6.8
CVSSv2
CVE-2006-4587
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote malicious users to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 4.2.4
7.5
CVSSv2
CVE-2006-4588
vtiger CRM 4.2.4, and possibly earlier, allows remote malicious users to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 4.2
4.3
CVSSv2
CVE-2011-4670
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) conta...
Vtiger Vtiger Crm
2 EDB exploits
4
CVSSv2
CVE-2011-4679
vtiger CRM prior to 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.
Vtiger Vtiger Crm
4.3
CVSSv2
CVE-2018-8047
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated malicious users to inject arbitrary web script or HTML via index.php?module=Contacts&a...
Vtiger Vtiger Crm
NA
CVE-2022-38335
Vtiger CRM v7.4.0 exists to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
Vtiger Vtiger Crm
4
CVSSv2
CVE-2014-1222
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM prior to 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KC...
Vtiger Vtiger Crm
3 EDB exploits
7.5
CVSSv2
CVE-2013-3214
vtiger CRM 5.4.0 and previous versions contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
Vtiger Vtiger Crm
2 EDB exploits
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29758
CVE-2023-42931
unauthorized
CVE-2024-1540
unprivileged
CVE-2023-24955
CVE-2024-20259
logic flaw
CVE-2024-20333
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »