Vulnerabilities > Vtiger

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-14	CVE-2023-38891	SQL Injection vulnerability in Vtiger CRM 7.5.0 SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. network low complexity vtiger CWE-89	8.8
2022-09-27	CVE-2022-38335	Cross-site Scripting vulnerability in Vtiger CRM Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. network low complexity vtiger CWE-79	5.4
2021-04-29	CVE-2020-22807	SQL Injection vulnerability in Vtiger CRM 7.2.0 An issue was dicovered in vtiger crm 7.2. network low complexity vtiger CWE-89	7.5
2021-01-20	CVE-2020-19363	Information Exposure vulnerability in Vtiger CRM 7.2.0 Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories. network vtiger CWE-200	4.3
2021-01-20	CVE-2020-19362	Cross-site Scripting vulnerability in Vtiger CRM 7.2.0 Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. network vtiger CWE-79	4.3
2020-02-07	CVE-2013-3591	Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM 5.3.0/5.4.0 vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability network low complexity vtiger CWE-434	6.5
2020-02-06	CVE-2015-6000	Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. network low complexity vtiger CWE-434	6.5
2020-01-29	CVE-2013-3215	Improper Authentication vulnerability in Vtiger CRM vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. network low complexity vtiger CWE-287	7.5
2020-01-28	CVE-2013-3214	Injection vulnerability in Vtiger CRM vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. network low complexity vtiger CWE-74	7.5
2020-01-28	CVE-2013-3212	Injection vulnerability in Vtiger CRM vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. network vtiger CWE-74	6.8

Vulnerabilities > Vtiger {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Vtiger"}]}

Vulnerabilities > Vtiger