The Users module in vTiger CRM 4.2 and previous versions allows remote malicious users to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vtiger vtiger crm |