Vtiger » Vtiger Crm : Security Vulnerabilities, CVEs, Published In 2020
CVE-2015-6000
Public exploit
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
Max CVSS
8.8
EPSS Score
2.08%
Published
2020-02-06
Updated
2020-02-10
CVE-2013-3591
Public exploit
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
95.14%
Published
2020-02-07
Updated
2020-02-11
CVE-2013-3215
Public exploit
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
Max CVSS
9.8
EPSS Score
17.34%
Published
2020-01-29
Updated
2020-01-31
CVE-2013-3214
Public exploit
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
Max CVSS
9.8
EPSS Score
85.02%
Published
2020-01-28
Updated
2020-01-31
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
Max CVSS
8.1
EPSS Score
5.95%
Published
2020-01-28
Updated
2020-02-03
5 vulnerabilities found