Vulnerabilities > Vtiger > Vtiger CRM > 5.0

DATE CVE VULNERABILITY TITLE RISK
2022-09-27 CVE-2022-38335 Cross-site Scripting vulnerability in Vtiger CRM
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
network
low complexity
vtiger CWE-79
5.4
2020-02-06 CVE-2015-6000 Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
network
low complexity
vtiger CWE-434
6.5
2020-01-28 CVE-2013-3214 Injection vulnerability in Vtiger CRM
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
network
low complexity
vtiger CWE-74
7.5
2020-01-28 CVE-2013-3212 Injection vulnerability in Vtiger CRM
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
network
vtiger CWE-74
6.8
2019-06-06 CVE-2018-8047 Cross-site Scripting vulnerability in Vtiger CRM
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions.
network
vtiger CWE-79
4.3
2019-05-17 CVE-2019-11057 SQL Injection vulnerability in Vtiger CRM
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
network
low complexity
vtiger CWE-89
8.8
2019-01-04 CVE-2019-5009 Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40.
network
low complexity
vtiger CWE-434
6.5
2016-08-01 CVE-2016-4834 Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM
modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.
network
low complexity
vtiger CWE-264
5.5
2014-08-12 CVE-2014-1222 Path Traversal vulnerability in Vtiger CRM
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a ..
network
low complexity
vtiger CWE-22
4.0
2013-10-04 CVE-2013-5091 SQL Injection vulnerability in Vtiger CRM
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
network
low complexity
vtiger CWE-89
6.5