2 matches found
CVE-2019-5009
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. Thi...
CVE-2019-11057
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.