vtiger vtiger crm vulnerabilities and exploits
NA
CVE-2006-4617
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote malicious users to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.
Vtiger Vtiger Crm
8.1
CVSSv3
CVE-2013-3212
vtiger CRM 5.4.0 and previous versions contain local file-include vulnerabilities in 'customerportal.php' that allow remote malicious users to view files and execute local script code.
Vtiger Vtiger Crm
1 EDB exploit
5.4
CVSSv3
CVE-2022-38335
Vtiger CRM v7.4.0 contains a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
Vtiger Vtiger Crm
NA
CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and previous versions allow remote malicious users to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) modul...
Vtiger Vtiger Crm
NA
CVE-2005-3818
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a ...
Vtiger Vtiger Crm
2 EDB exploits
NA
CVE-2005-3819
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.
Vtiger Vtiger Crm
1 EDB exploit
NA
CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via multiple vectors, including the account name.
Vtiger Vtiger Crm
NA
CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
Vtiger Vtiger Crm
NA
CVE-2005-3824
The uploads module in vTiger CRM 4.2 and previous versions allows remote malicious users to upload arbitrary files, such as PHP files, via the add2db action.
Vtiger Vtiger Crm
NA
CVE-2009-3257
vtiger CRM prior to 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.
Vtiger Vtiger Crm