Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vtiger crm vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2014-1222
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM prior to 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KC...
Vtiger Vtiger Crm
3 EDB exploits
4
CVSSv2
CVE-2011-4679
vtiger CRM prior to 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.
Vtiger Vtiger Crm
4
CVSSv2
CVE-2009-3251
include/utils/ListViewUtils.php in vtiger CRM prior to 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view.
Vtiger Vtiger Crm
4
CVSSv2
CVE-2007-3600
WordPlugin in the wordintegration component in vtiger CRM prior to 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.
Vtiger Vtiger Crm
4
CVSSv2
CVE-2007-3617
The report module in vtiger CRM prior to 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.
Vtiger Vtiger Crm
4
CVSSv2
CVE-2007-3604
vtiger CRM prior to 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.
Vtiger Vtiger Crm
3.6
CVSSv2
CVE-2009-3257
vtiger CRM prior to 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.
Vtiger Vtiger Crm
2.1
CVSSv2
CVE-2007-3601
vtiger CRM prior to 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view.
Vtiger Vtiger Crm
NA
CVE-2023-46304
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated malicious user to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load).
1 Github repository
NA
CVE-2023-38891
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated malicious user to escalate privileges via the getQueryColumnsList function in ReportRun.php.
Vtiger Vtiger Crm 7.5.0
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »