CVE-2023-46304

CVE-2023-46304 · Severity

modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load).

Learn more about our Crm Penetration Testing.