Vtiger / Vtiger Crm

12 matches found

added 2014/04/02 4:5 p.m., 52 views

CVE-2013-3213

Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php...

CVSS 7.5, AI score 9.6, EPSS 0.00315

added 2005/11/26 2:3 a.m., 49 views

CVE-2005-3819

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.

CVSS 7.5, AI score 8.2, EPSS 0.01596

added 2006/09/06 10:4 p.m., 48 views

CVE-2006-4588

vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.

CVSS 7.5, AI score 7.4, EPSS 0.00811

added 2019/01/04 2:29 p.m., 46 views

CVE-2019-5009

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "" tags, as demonstrated by a CompanyDetailsSave action. Thi...

CVSS 7.2, AI score 7, EPSS 0.18485

added 2005/11/26 2:3 a.m., 45 views

CVE-2005-3822

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.

CVSS 7.5, AI score 8.5, EPSS 0.00816

added 2011/11/28 9:55 p.m., 44 views

CVE-2011-4559

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

CVSS 7.5, AI score 8.6, EPSS 0.01091

added 2009/09/18 8:30 p.m., 43 views

CVE-2009-3249

Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaig...

CVSS 7.5, AI score 6.9, EPSS 0.25994

added 2025/05/21 9:16 p.m., 43 views

CVE-2025-45753

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.

CVSS 7.2, AI score 7.4, EPSS 0.00065

added 2005/11/26 2:3 a.m., 37 views

CVE-2005-3823

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.

CVSS 7.5, AI score 7.7, EPSS 0.012

added 2006/09/07 12:4 a.m., 35 views

CVE-2006-4617

Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.

CVSS 7.5, AI score 7.8, EPSS 0.00612

added 2006/10/13 8:7 p.m., 35 views

CVE-2006-5289

Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php.

CVSS 7.5, AI score 7.6, EPSS 0.12101

added 2024/08/16 5:15 p.m., 35 views

CVE-2024-42994

VTiger CRM

CVSS 7.2, AI score 7.5, EPSS 0.00116