jselliott/CVE-2023-46304

Releases0

Stars1

Authenticated Remote Code Execution in in VTiger Open Source CRM v7.5

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-46304 ↗	Apr 30, 2024Tuesday, 30 April 2024, 13:15	8.1 HIGH	—
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load).