Vtiger

Vtiger Crm

71 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2006-5289

Exploit
  • EPSS 12.1%
  • Veröffentlicht 13.10.2006 20:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, ...

7.5

CVE-2006-4617

  • EPSS 0.64%
  • Veröffentlicht 07.09.2006 00:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.

7.5

CVE-2006-4588

Exploit
  • EPSS 0.99%
  • Veröffentlicht 06.09.2006 22:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.

6.8

CVE-2006-4587

  • EPSS 1.63%
  • Veröffentlicht 06.09.2006 22:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the...

4.3

CVE-2005-3818

Exploit
  • EPSS 1.35%
  • Veröffentlicht 26.11.2005 02:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record p...

5

CVE-2005-3824

  • EPSS 0.6%
  • Veröffentlicht 26.11.2005 02:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action.

7.5

CVE-2005-3823

  • EPSS 1.2%
  • Veröffentlicht 26.11.2005 02:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.

7.5

CVE-2005-3822

  • EPSS 0.82%
  • Veröffentlicht 26.11.2005 02:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts modu...

4.3

CVE-2005-3821

  • EPSS 0.53%
  • Veröffentlicht 26.11.2005 02:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name.

6.4

CVE-2005-3820

Exploit
  • EPSS 1.16%
  • Veröffentlicht 26.11.2005 02:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) m...