SEC-CONSULT Security Advisory 20051125-0 - vTiger versions 4.2 and below have been found susceptible to SQL injection, cross site scripting, code execution, directory traversal, and arbitrary file upload flaws.
c40cfc60da4956c1504de1864fab0f8bc8c5873f798f96b78f0c2755e01d5af9