CRM
by 07fly
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6000 | 0.09 | — | 0.40 | Feb 6, 2020 | Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an… | |||
| CVE-2023-5020 | 0.00 | — | 0.01 | Sep 17, 2023 | A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument account leads to sql… | |||
| CVE-2023-3058 | 0.00 | — | 0.01 | Jun 2, 2023 | A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been… | |||
| CVE-2020-22807 | 0.00 | — | 0.01 | Apr 29, 2021 | An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. | |||
| CVE-2020-35418 | 0.00 | — | 0.01 | Apr 14, 2021 | Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. | |||
| CVE-2020-35419 | 0.00 | — | 0.01 | Apr 14, 2021 | Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. |
- CVE-2015-6000Feb 6, 2020risk 0.09cvss —epss 0.40
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an…
- CVE-2023-5020Sep 17, 2023risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument account leads to sql…
- CVE-2023-3058Jun 2, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been…
- CVE-2020-22807Apr 29, 2021risk 0.00cvss —epss 0.01
An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.
- CVE-2020-35418Apr 14, 2021risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
- CVE-2020-35419Apr 14, 2021risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.