Vulmon
vtiger vtiger crm vulnerabilities and exploits
NA
CVE-2014-2269
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote malicious users to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.
Vtiger Vtiger Crm 6.0.0
NA
CVE-2013-3213
Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 up to and including 5.4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_l...
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.4.0
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 5.0.1
Vtiger Vtiger Crm 5.2.0
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm 5.0.2
1 EDB exploit
NA
CVE-2013-7326
Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote malicious users to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) ...
Vtiger Vtiger Crm 5.4.0
NA
CVE-2013-5091
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 5.2.0
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 5.0.2
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm
1 EDB exploit
NA
CVE-2012-4867
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote malicious users to read arbitrary files via a .. (dot dot) in the module_name parameter.
Vtiger Vtiger Crm 5.1.0
1 EDB exploit
NA
CVE-2011-4680
Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM prior to 5.2.0 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 3
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 5.0.2
NA
CVE-2011-4679
vtiger CRM prior to 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.
Vtiger Vtiger Crm
NA
CVE-2011-4670
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) conta...
Vtiger Vtiger Crm
2 EDB exploits
NA
CVE-2011-4559
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.0.2
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm
Vtiger Vtiger Crm 5.2.0
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 3.2
1 EDB exploit
NA
CVE-2010-3909
Incomplete blacklist vulnerability in config.template.php in vtiger CRM prior to 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file ...
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 3
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm
Vtiger Vtiger Crm 5.0.2
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 5.0.0