Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vtiger crm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2013-3214
vtiger CRM 5.4.0 and previous versions contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
Vtiger Vtiger Crm
2 EDB exploits
1 Github repository
9.8
CVSSv3
CVE-2013-3215
vtiger CRM 5.4.0 and previous versions contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
Vtiger Vtiger Crm
1 EDB exploit
5.4
CVSSv3
CVE-2022-38335
Vtiger CRM v7.4.0 exists to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
Vtiger Vtiger Crm
NA
CVE-2011-4670
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) conta...
Vtiger Vtiger Crm
2 EDB exploits
NA
CVE-2011-4679
vtiger CRM prior to 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.
Vtiger Vtiger Crm
NA
CVE-2014-1222
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM prior to 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KC...
Vtiger Vtiger Crm
3 EDB exploits
NA
CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via multiple vectors, including the account name.
Vtiger Vtiger Crm
NA
CVE-2005-3823
The Users module in vTiger CRM 4.2 and previous versions allows remote malicious users to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.
Vtiger Vtiger Crm
NA
CVE-2007-3600
WordPlugin in the wordintegration component in vtiger CRM prior to 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.
Vtiger Vtiger Crm
NA
CVE-2007-3601
vtiger CRM prior to 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view.
Vtiger Vtiger Crm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »