3 matches found
CVE-2023-46304
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file executed on every page load...
CVE-2023-46304
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file executed on every page load...
CVE-2023-46304
Vtiger CRM 7.5.0 contains a vulnerability in modules/Users/models/Module.php where an unprotected endpoint allows a remote authenticated attacker to write arbitrary PHP code to config.inc.php, which is then executed on every page load. The issue enables remote code execution by leveraging this pa...