Lucene search

Vtiger / Vtiger Crm

9 matches found

CVE • added 2025/02/24 5:15 a.m. • 62 views

CVE-2025-1618

A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The attack can be initiated remotely. The exploit has bee...

CVSS 5.3 | AI score 4.5 | EPSS 0.00034

CVE • added 2014/11/16 1:59 a.m. • 56 views

CVE-2014-2268

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parame...

CVSS 5 | AI score 6.9 | EPSS 0.77294

CVE • added 2012/09/06 5:55 p.m. • 45 views

CVE-2012-4867

Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.

CVSS 5 | AI score 6.8 | EPSS 0.04712

CVE • added 2022/09/27 11:15 p.m. • 45 views

CVE-2022-38335

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.

CVSS 5.4 | AI score 5.3 | EPSS 0.00489

CVE • added 2007/07/06 7:30 p.m. • 41 views

CVE-2007-3602

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.

CVSS 5.5 | AI score 6.3 | EPSS 0.00244

CVE • added 2005/11/26 2:3 a.m. • 40 views

CVE-2005-3824

The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action.

CVSS 5 | AI score 7 | EPSS 0.00596

CVE • added 2007/07/06 7:30 p.m. • 37 views

CVE-2007-3598

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that t...

CVSS 5.5 | AI score 6.5 | EPSS 0.00218

CVE • added 2024/10/14 2:15 p.m. • 36 views

CVE-2024-48119

Vtiger CRM v8.2.0 has an HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.

CVSS 5.4 | AI score 7.4 | EPSS 0.0007

CVE • added 2008/08/04 7:41 p.m. • 31 views

CVE-2008-3458

Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.

CVSS 5 | AI score 6.2 | EPSS 0.0099