6 matches found
CVE-2024-42994
VTiger CRM = 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module...
CVE-2024-42994
VTiger CRM = 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module...
CVE-2024-42994
VTiger CRM = 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module...
PT-2024-30247 · Vtiger · Vtiger Crm
Name of the Vulnerable Software and Affected Versions: VTiger CRM versions = 8.1.0 Description: The issue arises from improper sanitization of user input before it is used in a SQL statement, leading to a SQL Injection in the CompanyDetails operation of the MailManager module. Recommendations: Fo...
CVE-2024-42994
VTiger CRM = 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module...
Design/Logic Flaw
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "" tags, as demonstrated by a CompanyDetailsSave action...