Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Vtiger CRM is an open source CRM application developed by the company Vtiger. It is available as free open source software based on PHP and MySQL, and as a subscription-based cloud application through Vtiger's website.
In Vtiger CRM, modules/Users/actions/Save.php does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.
Affected Versions:
Vtiger CRM 6.4.0 and prior
Impact
Successful exploitation allows a remote, authenticated attacker with user privileges to create new users or alter existing user information.
Solution
Customers are advised to install Vtiger CRM 6.5.0 or later to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: