Vtiger: >> Vtiger Crm >> 8.2.0 Security Vulnerabilities
Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-10-14
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.
CVSS Score
6.0
EPSS Score
0.026
Published
2010-11-26