Vtiger » Vtiger Crm : Security Vulnerabilities, CVEs, Published In 2006

CVE-2006-5289

Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php.
Max CVSS
7.5
EPSS Score
15.58%
Published
2006-10-13
Updated
2018-10-17

CVE-2006-4617

Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.
Max CVSS
7.5
EPSS Score
0.53%
Published
2006-09-07
Updated
2008-09-05

CVE-2006-4588

vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.
Max CVSS
7.5
EPSS Score
1.69%
Published
2006-09-06
Updated
2011-03-08

CVE-2006-4587

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.
Max CVSS
6.8
EPSS Score
2.95%
Published
2006-09-06
Updated
2011-03-08
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close