CVE-2009-3249
- EPSS 9.59%
- Published 18.09.2009 20:30:00
- Last modified 16.06.2026 23:11:13
Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/...
- EPSS 10.93%
- Published 18.09.2009 20:30:00
- Last modified 16.06.2026 23:11:14
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations base...
CVE-2008-3101
- EPSS 3.77%
- Published 03.09.2008 14:12:00
- Last modified 16.06.2026 22:55:05
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the u...
- EPSS 2.8%
- Published 04.08.2008 19:41:00
- Last modified 16.06.2026 22:55:52
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.
- EPSS 0.96%
- Published 06.07.2007 19:30:00
- Last modified 16.06.2026 22:42:23
The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.
CVE-2007-3598
- EPSS 0.97%
- Published 06.07.2007 19:30:00
- Last modified 16.06.2026 22:42:21
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor d...
CVE-2007-3599
- EPSS 1.29%
- Published 06.07.2007 19:30:00
- Last modified 16.06.2026 22:42:21
vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission.
- EPSS 1.78%
- Published 06.07.2007 19:30:00
- Last modified 16.06.2026 22:42:21
WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.
CVE-2007-3601
- EPSS 0.84%
- Published 06.07.2007 19:30:00
- Last modified 16.06.2026 22:42:21
vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view.
CVE-2007-3602
- EPSS 1.49%
- Published 06.07.2007 19:30:00
- Last modified 16.06.2026 22:42:21
The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.