Vulnerability CVE-2016-4834


Published: 2016-07-31   Modified: 2016-08-01

Description:
modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
4.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Vtiger -> CRM 

 References:
http://code.vtiger.com/vtiger/vtigercrm/commit/7cdf9941197b4aa58114eafce3ce88fb418eb68c
http://jvn.jp/en/jp/JVN01956993/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000126

Copyright 2024, cxsecurity.com

 

Back to Top