Shodan
Vulnerabilities
Vulnerable Software
Vtiger:  >> Vtiger Crm  Security Vulnerabilities
CVE-2024-42995
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules.
CVSS Score
8.3
EPSS Score
0.001
Published
2024-08-16
CVE-2023-46304
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load).
CVSS Score
8.1
EPSS Score
0.208
Published
2024-04-30
CVE-2023-38891
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.
CVSS Score
8.8
EPSS Score
0.038
Published
2023-09-14
CVE-2022-38335
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-09-27
CVE-2020-22807
An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-04-29
CVE-2020-19362
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-01-20
CVE-2020-19363
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.
CVSS Score
6.5
EPSS Score
0.056
Published
2021-01-20
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.799
Published
2020-02-07
CVE-2015-6000
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
CVSS Score
8.8
EPSS Score
0.774
Published
2020-02-06
CVE-2013-3215
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
CVSS Score
9.8
EPSS Score
0.737
Published
2020-01-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved