Lucene search
K

44 matches found

NVD
NVD
added last week9 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS0.00758EPSS
Exploits2References3
EUVD
EUVD
added last week5 views

EUVD-2026-42055

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References3
Cvelist
Cvelist
added last week34 views

CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS0.00758EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References4
CVE
CVE
added last week14 views

CVE-2026-23697

Vtiger CRM before 8.4.0 is vulnerable to an authenticated file upload RCE via the Documents module. An attacker with low privileges can upload a .phar file containing arbitrary PHP code, bypassing the extension denylist in config.inc.php (which omits .phar). The uploaded file is stored with its o...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References3
NVD
NVD
added 2026/05/14 5:16 p.m.29 views

CVE-2026-42555

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS0.00576EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/16 9:18 p.m.7 views

Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion

Summary The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...

9.1CVSS5.9AI score0.00323EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/16 9:18 p.m.7 views

GHSA-RMPJ-3X5M-9M5F Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion

Summary The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...

9.1CVSS5.9AI score0.00323EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-51112

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00829EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-52654

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00355EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:1 a.m.8 views

CVE-2024-54687

Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting XSS via the Documents module and function uploadAndSaveFile in CRMEntity.php...

6.1CVSS6.1AI score0.00355EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:52 a.m.10 views

CVE-2023-46953

SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module...

9.8CVSS9AI score0.00829EPSS
Exploits0
NVD
NVD
added 2025/01/10 6:15 p.m.10 views

CVE-2024-54687

Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting XSS via the Documents module and function uploadAndSaveFile in CRMEntity.php...

6.1CVSS0.00355EPSS
Exploits1References2
OSV
OSV
added 2025/01/10 6:15 p.m.4 views

CVE-2024-54687

Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting XSS via the Documents module and function uploadAndSaveFile in CRMEntity.php...

6.1CVSS5.8AI score0.00355EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/10 12:0 a.m.4 views

Vtiger CRM 安全漏洞

Vtiger CRM is a customer relationship management system CRM developed based on SugarCRM by Vtiger USA. The management system provides functions such as managing, collecting, and analyzing customer information. A security vulnerability exists in Vtiger CRM v.6.1 and earlier versions, which stems...

6.1CVSS6AI score0.00355EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/10 12:0 a.m.9 views

CVE-2024-54687

Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting XSS via the Documents module and function uploadAndSaveFile in CRMEntity.php...

6.1AI score0.00355EPSS
Exploits1References2
CVE
CVE
added 2025/01/10 12:0 a.m.59 views

CVE-2024-54687

Vtiger CRM v6.1 and earlier is vulnerable to Cross-Site Scripting (XSS) via the Documents module, specifically through the uploadAndSaveFile function in CRMEntity.php. The underlying cause is an XSS flaw in that path, enabling injected payloads to execute in affected users’ browsers. Public detai...

6.1CVSS6.1AI score0.00355EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/01/10 12:0 a.m.12 views

CVE-2024-54687

Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting XSS via the Documents module and function uploadAndSaveFile in CRMEntity.php...

0.00355EPSS
Exploits1References2
OSV
OSV
added 2024/11/26 7:15 p.m.4 views

CVE-2024-53619

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...

6.3CVSS6.1AI score0.00545EPSS
Exploits1References1
OSV
OSV
added 2024/11/26 7:15 p.m.3 views

UBUNTU-CVE-2024-53619

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...

6.3CVSS6.2AI score0.00545EPSS
Exploits1References3
Rows per page
Query Builder