Paolo Cavaglià

Researcher from Shielder
#17364 of 53,633
15.5 Total CVSS
Vulnerabilities · 2 (High: 2)
PT-2024-30247
7.2
2024-08-16
Vtiger · Vtiger Crm · CVE-2024-42994
**Name of the Vulnerable Software and Affected Versions**
VTiger CRM versions <= 8.1.0

**Description**
The issue arises from improper sanitization of user input before it is used in a SQL statement, leading to a SQL Injection in the `CompanyDetails` operation of the `MailManager` module.

**Recommendations**
For VTiger CRM versions <= 8.1.0, update to a version higher than 8.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the `MailManager` module to minimize the risk of exploitation. Avoid using the `CompanyDetails` operation until the issue is resolved.
PT-2024-30248
8.3
2024-08-16
Vtiger · Vtiger Crm · CVE-2024-42995
**Name of the Vulnerable Software and Affected Versions**
VTiger CRM versions <= 8.1.0

**Description**
The issue concerns incorrect user privilege checking, allowing a low-privileged user to interact directly with the "Migration" administrative module. This enables the user to disable arbitrary modules.

**Recommendations**
For VTiger CRM versions <= 8.1.0, update to a version that includes the necessary privilege checks to prevent low-privileged users from accessing the "Migration" administrative module. As a temporary workaround, consider restricting access to the "Migration" module to minimize the risk of exploitation.