Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2013-3215
vtiger CRM 5.4.0 and previous versions contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
Vtiger Vtiger Crm
1 EDB exploit
490
VMScore
CVE-2016-4834
modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and previous versions does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.
Vtiger Vtiger Crm
668
VMScore
CVE-2005-3823
The Users module in vTiger CRM 4.2 and previous versions allows remote malicious users to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.
Vtiger Vtiger Crm
440
VMScore
CVE-2005-3818
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a ...
Vtiger Vtiger Crm
2 EDB exploits
755
VMScore
CVE-2005-3819
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.
Vtiger Vtiger Crm
1 EDB exploit
570
VMScore
CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and previous versions allow remote malicious users to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) modul...
Vtiger Vtiger Crm
383
VMScore
CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via multiple vectors, including the account name.
Vtiger Vtiger Crm
668
VMScore
CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
Vtiger Vtiger Crm
445
VMScore
CVE-2005-3824
The uploads module in vTiger CRM 4.2 and previous versions allows remote malicious users to upload arbitrary files, such as PHP files, via the add2db action.
Vtiger Vtiger Crm
383
VMScore
CVE-2018-8047
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated malicious users to inject arbitrary web script or HTML via index.php?module=Contacts&a...
Vtiger Vtiger Crm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »