Vtiger: >> Vtiger Crm >> 4.0.1 Security Vulnerabilities
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.
CVSS Score
7.5
EPSS Score
0.012
Published
2005-11-26
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action.
CVSS Score
5.0
EPSS Score
0.006
Published
2005-11-26
Page 5