Vtiger Crm@5.4.0 Security Vulnerabilities and Issues — Vtiger Crm@5.4.0 CVE List

Lucene search

VtigerVtiger Crm5.4.0

4 matches found

CVE•added 2014/11/16 1:59 a.m.•56 views

CVE-2014-2268

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parame...

5CVSS6.9AI score0.77294EPSS

CVE•added 2020/02/07 3:15 p.m.•55 views

CVE-2013-3591

vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability

8.8CVSS8.8AI score0.799EPSS

CVE•added 2014/04/02 4:5 p.m.•52 views

CVE-2013-3213

Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php...

7.5CVSS9.6AI score0.00315EPSS

CVE•added 2014/02/14 7:55 p.m.•37 views

CVE-2013-7326

Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) save...

4.3CVSS5.8AI score0.00407EPSS