Vtiger

Vtiger Crm

71 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 23.05%
  • Published 28.01.2020 21:15:11
  • Last modified 21.11.2024 01:53:11

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allow remote attackers to view files and execute local script code.

Exploit
  • EPSS 0.31%
  • Published 21.11.2019 20:15:15
  • Last modified 21.11.2024 04:34:19

In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.

  • EPSS 0.32%
  • Published 06.06.2019 19:29:00
  • Last modified 21.11.2024 04:13:11

vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via ind...

Exploit
  • EPSS 0.24%
  • Published 24.05.2019 18:29:00
  • Last modified 21.11.2024 02:44:40

modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.

Exploit
  • EPSS 0.6%
  • Published 17.05.2019 17:29:00
  • Last modified 21.11.2024 04:20:27

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.

Exploit
  • EPSS 17.22%
  • Published 04.01.2019 14:29:00
  • Last modified 21.11.2024 04:44:10

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tag...

Exploit
  • EPSS 61.94%
  • Published 14.04.2017 18:59:00
  • Last modified 20.04.2025 01:37:25

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a cra...

  • EPSS 0.61%
  • Published 01.08.2016 02:59:14
  • Last modified 12.04.2025 10:46:40

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.

Exploit
  • EPSS 77.29%
  • Published 16.11.2014 01:59:00
  • Last modified 12.04.2025 10:46:40

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by ex...

Exploit
  • EPSS 7.53%
  • Published 12.08.2014 23:55:03
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that thi...