vtiger CRM 4.2.4, and possibly earlier, allows remote malicious users to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vtiger vtiger crm 4.2.4 |
||
vtiger vtiger crm 4.2 |