Vulnerabilities > Vtiger > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-13 | CVE-2006-5289 | Remote File Include vulnerability in Vtiger CRM 4.2 Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php. | 7.5 |
| 2006-09-07 | CVE-2006-4617 | File-Upload vulnerability in vtiger CRM Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder. | 7.5 |
| 2006-09-06 | CVE-2006-4588 | HTML Injection and Access Control Bypass vulnerability in Vtiger CRM 4.2/4.2.4 vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. | 7.5 |
| 2005-11-26 | CVE-2005-3823 | Input Validation vulnerability in VTiger CRM The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function. | 7.5 |
| 2005-11-26 | CVE-2005-3822 | Input Validation vulnerability in VTiger CRM Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. | 7.5 |
| 2005-11-26 | CVE-2005-3819 | Input Validation vulnerability in VTiger CRM Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module. | 7.5 |