
Vtiger 5.4.0 Security Patch Released

Posted: Mon Dec 23, 2024 5:39 am
by ashammi228
*** April 2nd, 2012 UPDATE: Some users may experience performance issues after applying the security patch below. If you have performance issues, please download and apply this patch after applying the security patch.

As many of you know, Vtiger CRM Open Source 6.0 is still under development and is scheduled for release in May. For those currently using Vtiger CRM Open Source 5.4, we would like to recommend applying a new security patch that fixes a number of vulnerabilities reported by Nick Freeman of security-assessment.com and Mr. Egidio. The patch addresses the following reported vulnerabilities:

Local File Inclusion
Local File Deletion
SQL Injection
PHP Injection
Cross-Site Scripting
Arbitrary File Upload
Authentication Bypass Vulnerabilities (SOAP API)

1. Before deploying the patch

It is important to have a backup of your Vtiger installation available in case of any errors. To do this, create a copy of the entire Vtiger folder and place it in another location. Since there are no changes to the database in this particular case, a database dump is not required.

2. Getting patch files
Download patch files from:
SourceForge Vtiger Link

3. Upload the patch files to the Vtiger CRM 5.4.0 folder

4. Extract the patch files to this directory, overwriting any files as necessary.
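
The backup-then-overwrite steps above, as an added shell example that is not part of the original post or Vtiger's own tooling. It assumes the patch is a gzip-compressed tar archive (the page does not state the format); all paths are placeholders and `apply_patch` and `rollback_patch` are hypothetical helper names.

```shell
# Added example: back up a Vtiger tree, preview what a patch archive will
# overwrite, then extract it in place. Paths and helper names are placeholders.

# apply_patch <vtiger_dir> <patch_tar_gz> <backup_dir>
apply_patch() {
    local app="$1" patch="$2" backup="$3"

    [ -d "$app" ] || { echo "no such install dir: $app" >&2; return 1; }
    [ -f "$patch" ] || { echo "no such patch archive: $patch" >&2; return 1; }
    [ ! -e "$backup" ] || { echo "backup target exists: $backup" >&2; return 1; }

    # Step 1: copy the entire folder to another location and refuse to
    # continue unless the copy matches the original file for file.
    cp -a "$app" "$backup" || return 1
    diff -r "$app" "$backup" >/dev/null || { echo "backup differs" >&2; return 1; }

    # Reject archive members that would land outside the install directory.
    if tar -tzf "$patch" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "patch contains absolute or ../ paths, refusing" >&2
        return 1
    fi

    # Preview: which existing files will be replaced and which are new.
    tar -tzf "$patch" | grep -v '/$' | while read -r f; do
        if [ -e "$app/$f" ]; then echo "overwrite: $f"; else echo "new: $f"; fi
    done

    # Steps 3-4: extract into the install directory, overwriting as necessary.
    tar -xzf "$patch" -C "$app"
}

# rollback_patch <vtiger_dir> <backup_dir>: restore the pre-patch copy.
rollback_patch() {
    local app="$1" backup="$2"
    [ -d "$backup" ] || return 1
    rm -rf "$app" && cp -a "$backup" "$app"
}
```

Keeping the `overwrite:` list with the backup gives a record of exactly which files the patch touched if a later comparison against the backup is needed.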