Latest vtiger vtiger crm Vulnerabilities

CVE-2023-38891
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.
Vtiger Vtiger Crm=7.5.0
CVE-2022-38335
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
Vtiger Vtiger Crm<=7.4.0
CVE-2020-22807
An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.
Vtiger Vtiger Crm=7.2.0
CVE-2020-19363
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.
Vtiger Vtiger Crm=7.2.0
CVE-2020-19362
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party...
Vtiger Vtiger Crm=7.2.0
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
Vtiger Vtiger Crm=5.3.0
Vtiger Vtiger Crm=5.4.0
CVE-2015-6000
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote au...
Vtiger Vtiger Crm<=6.3.0
CVE-2013-3215
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
Vtiger Vtiger Crm>=5.1.0<=5.4.0
CVE-2013-3212
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
Vtiger Vtiger Crm<=5.4.0
CVE-2013-3214
Vtiger Vtiger Crm<=5.4.0
CVE-2019-19202
In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.
Vtiger Vtiger Crm>=7.0<7.2.0
CVE-2018-8047
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attack...
Vtiger Vtiger Crm<=7.0.1
CVE-2016-10754
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.
Vtiger Vtiger Crm=6.5.0
CVE-2019-11057
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
Vtiger Vtiger Crm<=7.0.1
Vtiger Vtiger Crm=7.1.0
Vtiger Vtiger Crm=7.1.0-hotfix1
Vtiger Vtiger Crm=7.1.0-hotfix2
Vtiger Vtiger Crm=7.1.0-rc
CVE-2019-5009
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the...
Vtiger Vtiger Crm<=7.1.0
Vtiger Vtiger Crm=7.1.0-hotfix1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203