CRM Security Vulnerabilities

CVE-2018-13447
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut...
CVSS 9.8 | AI Score 9.9 | EPSS 0.001 | 2022-10-03 04:22 PM | 27

CVE-2018-13448
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id...
CVSS 9.8 | AI Score 9.9 | EPSS 0.001 | 2022-10-03 04:22 PM | 31

CVE-2019-5009
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "" tags, as demonstrated by a CompanyDetailsSave action....
CVSS 7.2 | AI Score 7 | EPSS 0.072 | 2022-10-03 04:19 PM | 37

CVE-2012-4867
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name...
AI Score 6.8 | EPSS 0.098 | 2022-10-03 04:15 PM | 23

CVE-2012-1225
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to...
AI Score 8.3 | EPSS 0.007 | 2022-10-03 04:15 PM | 25 | 2

CVE-2011-0843
Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity via unknown vectors related to Globalization -...
AI Score 6 | EPSS 0.001 | 2022-10-03 04:15 PM | 25

CVE-2011-0833
Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity, related to UIF...
AI Score 6.3 | EPSS 0.001 | 2022-10-03 04:15 PM | 22

CVE-2011-0834
Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote attackers to affect integrity via unknown vectors related to Globalization -...
AI Score 6 | EPSS 0.001 | 2022-10-03 04:15 PM | 20

CVE-2011-2316
Unspecified vulnerability in the Siebel Apps - Marketing component in Oracle Siebel CRM 8.0.0 allows remote attackers to affect integrity via unknown vectors related to Email...
AI Score 6 | EPSS 0.001 | 2022-10-03 04:15 PM | 20

CVE-2011-4679
vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created...
AI Score 6.4 | EPSS 0.001 | 2022-10-03 04:15 PM | 18

CVE-2011-4680
Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified...
AI Score 5.8 | EPSS 0.001 | 2022-10-03 04:15 PM | 19

CVE-2013-5091
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of...
AI Score 8 | EPSS 0.002 | 2022-10-03 04:14 PM | 30

CVE-2013-5768
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to ActiveX...
AI Score 5.5 | EPSS 0.001 | 2022-10-03 04:14 PM | 23

CVE-2013-5761
Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Integration -...
AI Score 5.8 | EPSS 0.001 | 2022-10-03 04:14 PM | 21

CVE-2013-5796
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Web...
AI Score 6.1 | EPSS 0.001 | 2022-10-03 04:14 PM | 18

CVE-2013-5769
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect availability via unknown vectors related to Web...
AI Score 5.6 | EPSS 0.001 | 2022-10-03 04:14 PM | 22

CVE-2013-3832
Unspecified vulnerability in the Siebel Server Remote component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to File System...
AI Score 5.6 | EPSS 0.001 | 2022-10-03 04:14 PM | 16

CVE-2013-3841
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Web...
AI Score 5.8 | EPSS 0.001 | 2022-10-03 04:14 PM | 16

CVE-2013-3840
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web...
AI Score 5.3 | EPSS 0.001 | 2022-10-03 04:14 PM | 17

CVE-2007-3602
The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird...
AI Score 6.3 | EPSS 0.002 | 2022-10-03 04:14 PM | 22

CVE-2007-3616
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users...
AI Score 6.4 | EPSS 0.002 | 2022-10-03 04:14 PM | 18

CVE-2007-3598
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that.....
AI Score 6.5 | EPSS 0.002 | 2022-10-03 04:14 PM | 19

CVE-2008-3458
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload...
AI Score 6.2 | EPSS 0.008 | 2022-10-03 04:13 PM | 16 | 4

CVE-2022-38335
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template...
CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-09-27 11:15 PM | 20 | 4

CVE-2022-35805
Microsoft Dynamics CRM (on-premises) Remote Code Execution...
CVSS 8.8 | AI Score 9.2 | EPSS 0.013 | 2022-09-13 07:15 PM | 61 | 9

CVE-2022-34700
Microsoft Dynamics CRM (on-premises) Remote Code Execution...
CVSS 8.8 | AI Score 9.2 | EPSS 0.011 | 2022-09-13 07:15 PM | 57 | 10

CVE-2022-37181
72crm 9.0 has an Arbitrary file upload...
CVSS 9.8 | AI Score 9.4 | EPSS 0.002 | 2022-08-24 05:15 PM | 42 | 13

CVE-2022-37178
An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task...
CVSS 8.8 | AI Score 9 | EPSS 0.001 | 2022-08-24 05:15 PM | 26 | 11

CVE-2022-1202
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection...
CVSS 7.8 | AI Score 7.7 | EPSS 0.001 | 2022-06-13 01:15 PM | 36 | 3

CVE-2022-2060
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2022-06-13 09:15 AM | 67 | 8

CVE-2022-30875
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error...
CVSS 6.1 | AI Score 5.8 | EPSS 0.001 | 2022-06-08 05:15 PM | 46 | 4

CVE-2022-27438
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start...
CVSS 8.1 | AI Score 8.3 | EPSS 0.063 | 2022-06-06 11:15 PM | 74 | 9

CVE-2022-1239
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | 2022-05-02 04:15 PM | 77 | 4

CVE-2021-37517
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0, in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of...
CVSS 7.5 | AI Score 7.3 | EPSS 0.001 | 2022-03-31 07:15 PM | 65

CVE-2021-36625
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | 2022-03-31 06:15 PM | 60

CVE-2022-0819
Code Injection in GitHub repository dolibarr/dolibarr prior to...
CVSS 8.8 | AI Score 8.8 | EPSS 0.002 | 2022-03-02 04:15 PM | 84 | 2

CVE-2022-0746
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to...
CVSS 4.3 | AI Score 4.5 | EPSS 0.001 | 2022-02-25 09:15 AM | 78

CVE-2022-0731
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to...
CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | 2022-02-23 07:15 PM | 70

CVE-2022-0414
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to...
CVSS 4.3 | AI Score 4.4 | EPSS 0.001 | 2022-01-31 11:15 AM | 43 | 2

CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL...
CVSS 9.8 | AI Score 9.6 | EPSS 0.002 | 2022-01-14 06:15 PM | 47

CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr...
CVSS 4.3 | AI Score 4.5 | EPSS 0.001 | 2022-01-10 06:15 PM | 47

CVE-2022-22108
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user) can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of...
CVSS 4.3 | AI Score 4.4 | EPSS 0.001 | 2022-01-05 03:15 PM | 56

CVE-2022-22109
In Daybyday CRM, version 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim's browser when they open the "/tasks" page to view all the....
CVSS 5.4 | AI Score 5.1 | EPSS 0.001 | 2022-01-05 03:15 PM | 126

CVE-2022-22107
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user) can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...
CVSS 4.3 | AI Score 4.5 | EPSS 0.001 | 2022-01-05 03:15 PM | 94

CVE-2022-22110
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users'...
CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | 2022-01-05 03:15 PM | 52

CVE-2022-22111
In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user who has the update user permission enabled is able to change the password of other users, including the administrator's. This allows the attacker to gain access to the highest privileged user....
CVSS 8.8 | AI Score 8.7 | EPSS 0.001 | 2022-01-05 03:15 PM | 56

CVE-2022-22293
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT...
CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-01-02 12:15 AM | 73

CVE-2021-39198
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability through which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and.....
CVSS 5.4 | AI Score 5.5 | EPSS 0.001 | 2021-11-19 10:15 PM | 41

CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not...
CVSS 9.8 | AI Score 9.7 | EPSS 0.03 | 2021-11-10 11:15 PM | 26

CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management...
CVSS 6.1 | AI Score 5.7 | EPSS 0.002 | 2021-11-10 11:15 PM | 20
Total number of security vulnerabilities: 428