Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vtiger crm vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-5009
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, a...
Vtiger Vtiger Crm 7.1.0
Vtiger Vtiger Crm
6.8
CVSSv2
CVE-2006-4587
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote malicious users to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 4.2.4
7.5
CVSSv2
CVE-2006-4588
vtiger CRM 4.2.4, and possibly earlier, allows remote malicious users to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 4.2
6.5
CVSSv2
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 5.4.0
1 EDB exploit
7.5
CVSSv2
CVE-2006-4617
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote malicious users to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.
Vtiger Vtiger Crm
5.5
CVSSv2
CVE-2007-3598
index.php in vtiger CRM prior to 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of ...
Vtiger Vtiger Crm
4
CVSSv2
CVE-2014-1222
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM prior to 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KC...
Vtiger Vtiger Crm
3 EDB exploits
4.3
CVSSv2
CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via multiple vectors, including the account name.
Vtiger Vtiger Crm
7.5
CVSSv2
CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
Vtiger Vtiger Crm
5
CVSSv2
CVE-2005-3824
The uploads module in vTiger CRM 4.2 and previous versions allows remote malicious users to upload arbitrary files, such as PHP files, via the add2db action.
Vtiger Vtiger Crm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28254
CVE-2024-32515
CVE-2024-21338
validation
CVE-2024-32522
dos
CVE-2024-2101
CVE-2024-21107
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »