modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.138
EPSS Ranking 93.9%