Vtiger 5.4.0 Security Patch Released

***April 2nd, 2012 UPDATE: Some users may experience performance issues after applying the security patch below. If you do experience performance issues, please download and apply this patch after applying the security patch. As many of you are aware, Vtiger CRM Open Source 6.0 is still under development and is slated for a May release. For those currently using Vtiger CRM Open Source 5.4, we would like to recommend applying a new security patch, which fixes a series of vulnerabilities reported by Mr. Nick Freeman from security-assessment.com and Mr. Egidio. The patch covers the following discovered vulnerabilities: Local File Inclusion Local File Deletion SQL Injection PHP Code Injection Cross site scripting Arbitrary File Upload Authentication Bypass vulnerabilities(SOAP API’s) 1. Before deploying the patch It is essential to have an available backup of your Vtiger installation in the result of any errors. To do this, create a copy of the entire Vtiger folder, and place it in a different location. As there is no database change in this particular case, a database dump is unnecessary. 2. Obtaining the patch files Download the patch files from: SourceForge Vtiger Link 3. Upload the patch files to your Vtiger CRM 5.4.0 folder 4. Extract the patch files to that directory, overwriting any files as necessary
Sort by:   newest | oldest | most voted
Pablo HP
4 years 7 months ago


I have version 5.4 of the open source vtiger.
I never upgraded to version 5.4 of my vtiger before.
I think that since the launch I never even installed an update.

Today I found your blog on the suggestion of installing the security update

Can you tell me if there were others before this update?
Can you tell me if this installation contains all updates released to date?
Can you tell me how do I know which version of my Vtiger (not 5.4, obviously)?

I’m anxious for version 6.0, but as they say, everything is good and cheap it is time consuming.

Thanks if you can help me.

4 years 7 months ago

I installed the patch yesterday and afterwards I recognized that vtiger is now very slow in loading the pages. In this way it isn’t usable and I’ve to do a rollback. Anyone who discovered the same behaviour?


4 years 7 months ago

Yes, same problem here, it slowed down the site.

4 years 7 months ago

Yes, way to slow to be a productive application….

4 years 7 months ago

Yes, I have exactly the same problem !

Kieran Kay
4 years 7 months ago

My most sincere apologies for the delay – and thank you all for chiming in and leaving feedback. In our initial testing we didn’t run into the problems that you faced and apologize for pushing the security patch out without catching that. We were recently able to replicate the issues being seen and have released a performance patch here:


If you still experiencing any problems after applying the patch, please leave a comment and we’ll dive in even deeper to see what’s wrong. Alternatively, if the patch does solve the issue please do also leave a comment. We try to test as many scenarios as we can but unfortunately can’t replicate every instance. Thank you all very much for your patience!

4 years 7 months ago

Hi, I’ve just tried to download the file but i get the following message:
“The “/vtiger CRM 5.4.0/Co..erformance_Patch.zip” file could not be found or is not available. Please select another file”
Please help, it is really slow

4 years 7 months ago

@Kay: Thanks for providing the performance patch. I applied the pach succesfully resulting in a little faster behaviour. But compared to the initial speed of the fresh and probably insecure installation of vtiger this is a big difference, because it was much faster at the beginning. I guess I’ve to wait at vtiger 6.
But thanks again for the very fast developing of the improvement patch.



[…] April 2nd, 2012 UPDATE: Some users may experience performance issues after applying the security patch below. If you do experience performance issues, please download and apply this patch after applying the security patch.  […]

4 years 7 months ago

@Kay: Am not able to download Performance Patch, but i noticed Security Patch Updated 7 Hours ago, does it means Security Patch merged with Performance Patch.

4 years 7 months ago

Ok, finally got this working, the new security release has the performance integrated,
Thanks for fixing this.

Przemysław Staniszewski
4 years 7 months ago


After unpack security patch javascript stop working. Nothing happens after clicking icons in the top right corner or clicking More on toolbar.

Do I need reload some cache or what?

Best Regards


3 reasons why insurance agencies need CRM

To thrive in a competitive market and cater to better informed customers, today’s insurance agencies have to be more customer centric than ever before. To ...
manager's toolkit

3 CRM tools every sales manager needs for generating predictable growth

If you’re a sales manager, we understand that you have the toughest job in sales. You hold great responsibilities, work long hours, go on several ...
Sales automation

A comprehensive guide for automating sales related tasks in Vtiger CRM

When selling, have you ever: Spent your valuable time on entering contact and opportunity details into CRM? Wasted time calling unqualified leads because they appeared ...

Configure multiple sales pipelines in Vtiger

A sales pipeline is the set of actions that a salesperson must take in order to turn a lead into a customer. For example, a ...
Approval process

Accelerate Quote approvals with Approval Processes in Vtiger

In everyday business, you deal with many business processes and documents that require approval from managers, executives, and other decision-makers. For instance, sales associates often ...
data security 2

Your privacy, and data, are safe with Vtiger CRM Open Source

Occasionally, from the actively privacy conscious (thank you for standing up for all of our privacy rights!), we get an email asking whether we can ...

Replace these 3 commonly used apps with Vtiger to get more done efficiently

To run a business smoothly, you use a plethora of software, apps, and tools. Perhaps, you use an accounting software to manage to invoice customers, ...

SMS marketing with Vtiger CRM: Reach more customers, grow your email list, and build a loyal customer base

Short message service (SMS) is a tool that can help marketers connect with prospects and customers in a direct and personal way. While it’s easy ...

Introducing Vtiger 360 for Field Sales: Optimise sales visits with quicker navigation and real time check-in

Field sales agents who spend most of the time visiting prospects and customers, always look for ways to improve travel efficiency to spend more time ...
Omni channel customer support

3 challenges Vtiger solves for customer service managers

If you work as a customer service manager, then we understand that every day you work under a lot of pressure and face many challenges ...