Vtiger Crm 7.2.0 Security Vulnerabilities
VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2024-08-16
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules.
CVSS Score: 8.3 | EPSS Score: 0.002 | Published: 2024-08-16
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2022-09-27
An issue was discovered in Vtiger CRM 7.2. Union SQL injection in the calendar exportdata feature.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2021-04-29
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions against users who open a maliciously crafted link or third-party web page.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-01-20
Vtiger CRM v7.2.0 allows an attacker to display hidden files and list directories by using the /libraries and /layout directories.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2021-01-20
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.
CVSS Score: 6.0 | EPSS Score: 0.026 | Published: 2010-11-26

