vtiger vulnerabilities and exploits
4.3
CVSSv2
CVE-2009-3247
Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote malicious users to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.3.
Vtiger Vtiger Crm 5.0.4
1 EDB exploit
6.4
CVSSv2
CVE-2014-2269
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote malicious users to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.
Vtiger Vtiger Crm 6.0.0
7.5
CVSSv2
CVE-2006-5289
Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules...
Vtiger Vtiger Crm 4.2
1 EDB exploit
4.3
CVSSv2
CVE-2020-19362
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
Vtiger Vtiger Crm 7.2.0
1 Github repository
4.3
CVSSv2
CVE-2020-19363
Vtiger CRM v7.2.0 allows a malicious user to display hidden files, list directories by using /libraries and /layout directories.
Vtiger Vtiger Crm 7.2.0
1 Github repository
5
CVSSv2
CVE-2012-4867
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote malicious users to read arbitrary files via a .. (dot dot) in the module_name parameter.
Vtiger Vtiger Crm 5.1.0
1 EDB exploit
8.5
CVSSv2
CVE-2016-1713
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an execut...
Vtiger Vtiger Crm 6.4.0
2 EDB exploits
6.5
CVSSv2
CVE-2016-10754
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.
Vtiger Vtiger Crm 6.5.0
7.5
CVSSv2
CVE-2020-22807
An issue was discovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.
Vtiger Vtiger Crm 7.2.0
4.3
CVSSv2
CVE-2013-7326
Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote malicious users to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) ...
Vtiger Vtiger Crm 5.4.0