545 matches found
Vtiger CRM v7.2.0 - Directory Listing
Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...
CVE-2026-23698
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
CVE-2026-23697
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
CVE-2026-23697
Vtiger CRM before 8.4.0 is vulnerable to an authenticated file upload RCE via the Documents module. An attacker with low privileges can upload a .phar file containing arbitrary PHP code, bypassing the extension denylist in config.inc.php (which omits .phar). The uploaded file is stored with its o...
CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
CVE-2026-23697
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
EUVD-2026-42054
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
CVE-2026-23698
Vtiger CRM up to 8.4.0 is affected by an authenticated remote code execution vulnerability in the admin ModuleManager import feature. A privileged administrator can upload a crafted ZIP archive which is extracted directly into the web root’s modules/ directory without proper file-type validation ...
CVE-2025-70936
Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
EUVD-2025-209429
Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
Vtiger CRM 安全漏洞
Vtiger CRM is a customer relationship management system developed by Vtiger Corporation in the United States, based on SugarCRM. This system provides functions for managing, collecting, and analyzing customer information. Version Vtiger CRM 8.4.0 has a security vulnerability that stems from...
CVE-2025-70936
Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
CVE-2025-70936
Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
CVE-2026-26460
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...
CVE-2026-26460
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...
CVE-2026-26460
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...
CVE-2016-10754
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter...
CVE-2022-38335
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the e-mail template modules...
CVE-2025-1618
A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument operation leads to cross site scripting. The attack can be initiated remotely. The exploit has be...