CVE-2023-46304

Published: 2024-04-30T13:15Z

Last Modified: 2024-11-21T08:28Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load). > MITRE Terms of Use apply – see LICENSE‑MITRE.txt