Remote Code Execution Vulnerability in Vtiger CRM 7.5.0
CVE-2023-46304

Currently unrated

Key Information:

Vendor

Vtiger CRM

Status
Vtiger Crm
Vendor
CVE Published:
30 April 2024

What is CVE-2023-46304?

An issue in Vtiger CRM 7.5.0 allows remote authenticated users to exploit an unprotected endpoint within modules/Users/models/Module.php. This vulnerability enables attackers to write arbitrary PHP code to the critical config.inc.php file, which is executed with every request to the application. This flaw poses significant security risks, as it may lead to full system compromise and unauthorized control over the affected application. Securing endpoints and restricting user permissions are crucial steps to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.vtiger.com/
https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/mo...
https://github.com/jselliott/CVE-2023-46304

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.