vtiger CRM Multiple Input Validation Vulnerabilities
vtiger CRM is prone to multiple input-validation vulnerabilities:
- A remote PHP code-execution vulnerability
- Multiple local file-include vulnerabilities
- A cross-site scripting vulnerability
- Multiple cross-site request-forgery vulnerabilities
Attackers can exploit these issues to execute arbitrary script code within the context of the web server, perform unauthorized actions, compromise the affected application, steal cookie-based authentication credentials, or obtain information that could aid in further attacks.
The issues affect vtiger CRM 5.0.4; other versions may also be affected.