Summary
vtiger CRM is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication process, download the database backup, and modify configuration settings.
vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.
Solution
Vendor updates are available. Please see the references for details.
References
Updated on 2017-03-28
Severity
Classification
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
- ASP Inline Corporate Calendar SQL injection
- Allegro RomPager `Misfortune Cookie` Vulnerability
- Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
- Apache Struts ClassLoader Manipulation Vulnerabilities