[CYBERDIGEST]
⊞ Dashboard ⚡ Intelligence 📝 Reports 📚 Global Threats 💻 Hack Lab 🗄️ Resources ⌬ 0xJerry's Lab
📡 RSS Feed
System Online

Tag

#Unrestricted File Upload

articleHIGH 8.8

Authenticated File Upload Vulnerability in Vtiger CRM Leading to Remote Code Execution (CVE-2026-23697)

A critical vulnerability (CVE-2026-23697) has been discovered in Vtiger CRM versions prior to 8.4.0. This authenticated file upload vulnerability allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module. The vulnerability has a CVSS score of 8.8 and is considered high severity. Organizations using affected versions of Vtiger CRM should immediately upgrade to version 8.4.0 or apply recommended mitigations.

Jul 8, 20261 source