Vulmon
vtiger vtiger crm vulnerabilities and exploits
4.3
CVSSv2
CVE-2018-8047
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated malicious users to inject arbitrary web script or HTML via index.php?module=Contacts&a...
Vtiger Vtiger Crm
4
CVSSv2
CVE-2014-1222
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM prior to 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KC...
Vtiger Vtiger Crm
3 EDB exploits
5
CVSSv2
CVE-2008-3458
Vtiger CRM prior to 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to read mail merge templates via a direct request to the wordtemplatedownload directory.
Vtiger Vtiger Crm
6.5
CVSSv2
CVE-2019-19202
In Vtiger 7.x prior to 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.
Vtiger Vtiger Crm
4.3
CVSSv2
CVE-2011-4670
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) conta...
Vtiger Vtiger Crm
2 EDB exploits
6.5
CVSSv2
CVE-2007-3603
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM prior to 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.
Vtiger Vtiger Crm
5.5
CVSSv2
CVE-2007-3602
The SOAP webservice in vtiger CRM prior to 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.
Vtiger Vtiger Crm
4
CVSSv2
CVE-2011-4679
vtiger CRM prior to 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.
Vtiger Vtiger Crm
4
CVSSv2
CVE-2007-3604
vtiger CRM prior to 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.
Vtiger Vtiger Crm
4
CVSSv2
CVE-2007-3617
The report module in vtiger CRM prior to 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.
Vtiger Vtiger Crm