Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vtiger crm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and previous versions allow remote malicious users to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) modul...
Vtiger Vtiger Crm
8.8
CVSSv3
CVE-2015-6000
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and previous versions allows remote authenticated users to execute arbitrary code by uploading a file with a...
Vtiger Vtiger Crm
1 EDB exploit
NA
CVE-2005-3818
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a ...
Vtiger Vtiger Crm
2 EDB exploits
NA
CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via multiple vectors, including the account name.
Vtiger Vtiger Crm
NA
CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
Vtiger Vtiger Crm
NA
CVE-2005-3824
The uploads module in vTiger CRM 4.2 and previous versions allows remote malicious users to upload arbitrary files, such as PHP files, via the add2db action.
Vtiger Vtiger Crm
5.4
CVSSv3
CVE-2022-38335
Vtiger CRM v7.4.0 exists to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
Vtiger Vtiger Crm
NA
CVE-2006-4617
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote malicious users to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.
Vtiger Vtiger Crm
NA
CVE-2007-3599
vtiger CRM prior to 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission.
Vtiger Vtiger Crm
NA
CVE-2007-3600
WordPlugin in the wordintegration component in vtiger CRM prior to 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.
Vtiger Vtiger Crm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »