Samuel De Grace

#15336 of 53,639
17.6 Total CVSS
Vulnerabilities · 2
High
2
PT-2019-15781
8.8
2019-11-21
Vtiger · Vtiger · CVE-2019-19202
**Name of the Vulnerable Software and Affected Versions**
Vtiger versions prior to 7.2.0

**Description**
The issue concerns the My Preferences saving functionality, which allows a user without administrative privileges to change their own role. This can be achieved by adding `roleid=H2` to a POST request.

**Recommendations**
For versions prior to 7.2.0, update to version 7.2.0 or later to resolve the issue.
PT-2019-12155
8.8
2019-05-17
Vtiger · Vtiger Crm · CVE-2019-11057
**Name of the Vulnerable Software and Affected Versions**
Vtiger CRM versions prior to 7.1.0 hotfix3

**Description**
The issue allows authenticated users to execute arbitrary SQL commands due to a SQL injection vulnerability.

**Recommendations**
For versions prior to 7.1.0 hotfix3, update to version 7.1.0 hotfix3 or later to resolve the issue.