Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
PHP
File Upload
Vtiger Crm
NVD
Exploit-DB
CVSS 3.1
7.2
EPSS
9.9%