Vtiger

Vtiger Crm

71 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2014-2269

Exploit
  • EPSS 0.64%
  • Veröffentlicht 22.04.2014 13:06:28
  • Zuletzt bearbeitet 12.04.2025 10:46:40

modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.

7.5

CVE-2013-3213

Exploit
  • EPSS 0.21%
  • Veröffentlicht 02.04.2014 16:05:49
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the g...

4.3

CVE-2013-7326

  • EPSS 0.41%
  • Veröffentlicht 14.02.2014 19:55:26
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php...

6.5

CVE-2013-5091

Exploit
  • EPSS 0.35%
  • Veröffentlicht 04.10.2013 20:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a...

5

CVE-2012-4867

Exploit
  • EPSS 5.06%
  • Veröffentlicht 06.09.2012 17:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.

4.3

CVE-2011-4680

  • EPSS 0.26%
  • Veröffentlicht 07.12.2011 19:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4

CVE-2011-4679

Exploit
  • EPSS 0.16%
  • Veröffentlicht 07.12.2011 19:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.

4.3

CVE-2011-4670

Exploit
  • EPSS 17.54%
  • Veröffentlicht 02.12.2011 16:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView act...

7.5

CVE-2011-4559

Exploit
  • EPSS 0.57%
  • Veröffentlicht 28.11.2011 21:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

4.3

CVE-2010-3911

  • EPSS 0.37%
  • Veröffentlicht 26.11.2010 20:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index...