Shodan
Vulnerabilities
Vulnerable Software
Vtiger:  >> Vtiger Crm  Security Vulnerabilities
CVE-2022-38335
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-09-27
CVE-2020-22807
An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-04-29
CVE-2020-19362
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-01-20
CVE-2020-19363
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-01-20
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.799
Published
2020-02-07
CVE-2015-6000
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
CVSS Score
8.8
EPSS Score
0.774
Published
2020-02-06
CVE-2013-3215
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
CVSS Score
9.8
EPSS Score
0.775
Published
2020-01-29
CVE-2013-3212
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
CVSS Score
8.1
EPSS Score
0.218
Published
2020-01-28
CVE-2013-3214
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVSS Score
9.8
EPSS Score
0.891
Published
2020-01-28
CVE-2019-19202
In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-11-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved