CVE-2013-3215 – vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3215
02 Aug 2013 — vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. • https://www.exploit-db.com/exploits/27279 • CWE-287: Improper Authentication
CVE-2013-3213 – vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3213
01 Aug 2013 — Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchCont... • https://www.exploit-db.com/exploits/27279 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-3212 – vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3212
01 Aug 2013 — vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allow remote attackers to view files and execute local script code. • https://www.exploit-db.com/exploits/27279 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2013-3214 – vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-3214
01 Aug 2013 — vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. • https://www.exploit-db.com/exploits/30787 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')