Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vtiger crm vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 5.4.0
1 EDB exploit
6.5
CVSSv2
CVE-2015-6000
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and previous versions allows remote authenticated users to execute arbitrary code by uploading a file with a...
Vtiger Vtiger Crm
1 EDB exploit
6.5
CVSSv2
CVE-2019-19202
In Vtiger 7.x prior to 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.
Vtiger Vtiger Crm
6.5
CVSSv2
CVE-2016-10754
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.
Vtiger Vtiger Crm 6.5.0
6.5
CVSSv2
CVE-2019-11057
SQL injection vulnerability in Vtiger CRM prior to 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
Vtiger Vtiger Crm 7.1.0
Vtiger Vtiger Crm
6.5
CVSSv2
CVE-2019-5009
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, a...
Vtiger Vtiger Crm 7.1.0
Vtiger Vtiger Crm
6.5
CVSSv2
CVE-2013-5091
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 5.2.0
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 5.0.2
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm
1 EDB exploit
6.5
CVSSv2
CVE-2007-3603
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM prior to 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.
Vtiger Vtiger Crm
6.5
CVSSv2
CVE-2007-3616
index.php in vtiger CRM prior to 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module.
Vtiger Vtiger Crm
6.4
CVSSv2
CVE-2014-2269
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote malicious users to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.
Vtiger Vtiger Crm 6.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »