Shodan
Vulnerabilities
Vulnerable Software
Vtiger:  >> Vtiger Crm  >> 5.1.0  Security Vulnerabilities
CVE-2024-54687
Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-01-10
CVE-2024-42994
VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-08-16
CVE-2024-42995
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules.
CVSS Score
8.3
EPSS Score
0.001
Published
2024-08-16
CVE-2022-38335
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-09-27
CVE-2015-6000
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
CVSS Score
8.8
EPSS Score
0.774
Published
2020-02-06
CVE-2013-3215
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
CVSS Score
9.8
EPSS Score
0.775
Published
2020-01-29
CVE-2013-3212
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
CVSS Score
8.1
EPSS Score
0.218
Published
2020-01-28
CVE-2013-3214
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVSS Score
9.8
EPSS Score
0.891
Published
2020-01-28
CVE-2018-8047
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter).
CVSS Score
6.1
EPSS Score
0.005
Published
2019-06-06
CVE-2019-11057
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
CVSS Score
8.8
EPSS Score
0.008
Published
2019-05-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved