Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vtiger_crm
(Vtiger)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 64 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-08-01 | CVE-2016-4834 | modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. | Vtiger_crm | 8.1 | ||
| 2021-01-20 | CVE-2020-19363 | Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories. | Vtiger_crm | 6.5 | ||
| 2021-01-20 | CVE-2020-19362 | Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. | Vtiger_crm | 6.1 | ||
| 2020-02-07 | CVE-2013-3591 | vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability | Vtiger_crm | N/A | ||
| 2020-02-06 | CVE-2015-6000 | Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. | Vtiger_crm | N/A | ||
| 2020-01-28 | CVE-2013-3212 | vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | Vtiger_crm | N/A | ||
| 2020-01-29 | CVE-2013-3215 | vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. | Vtiger_crm | N/A | ||
| 2020-01-28 | CVE-2013-3214 | vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | Vtiger_crm | N/A | ||
| 2019-11-21 | CVE-2019-19202 | In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request. | Vtiger_crm | N/A | ||
| 2019-01-04 | CVE-2019-5009 | Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. | Vtiger_crm | N/A |