Lucene search

Vtiger / Vtiger Crm

12 matches found

CVE
added 2017/04/14 6:59 p.m., 76 views

CVE-2016-1713

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, the...

CVSS 8.5, AI score 7.7, EPSS 0.7742

added 2020/01/28 9:15 p.m., 68 views

CVE-2013-3212

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' that allow remote attackers to view files and execute local script code.

CVSS 8.1, AI score 8.5, EPSS 0.23052

added 2019/05/24 6:29 p.m., 62 views

CVE-2016-10754

modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.

CVSS 8.8, AI score 9, EPSS 0.00257

added 2019/11/21 8:15 p.m., 61 views

CVE-2019-19202

In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.

CVSS 8.8, AI score 8.6, EPSS 0.00312

added 2020/02/07 3:15 p.m., 55 views

CVE-2013-3591

vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability

CVSS 8.8, AI score 8.8, EPSS 0.799

added 2020/02/06 2:15 p.m., 55 views

CVE-2015-6000

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then ...

CVSS 8.8, AI score 7.9, EPSS 0.7742

added 2016/08/01 2:59 a.m., 54 views

CVE-2016-4834

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.

CVSS 8.1, AI score 7.5, EPSS 0.00606

added 2024/04/30 1:15 p.m., 41 views

CVE-2023-46304

modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load).

CVSS 8.1, AI score 6.9, EPSS 0.16389

added 2019/05/17 5:29 p.m., 36 views

CVE-2019-11057

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.

CVSS 8.8, AI score 8.9, EPSS 0.00751

added 2024/08/16 5:15 p.m., 36 views

CVE-2024-42995

VTiger CRM

CVSS 8.3, AI score 6.7, EPSS 0.00165

added 2007/07/06 7:30 p.m., 31 views

CVE-2007-3599

vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission.

CVSS 8.5, AI score 6.1, EPSS 0.00181

added 2023/09/14 11:15 p.m., 30 views

CVE-2023-38891

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.

CVSS 8.8, AI score 8.7, EPSS 0.02551