PT-2024-30248 · Vtiger · Vtiger Crm

Davide Silvetti +5 · Published 2024-08-16 · Updated 2024-08-28 · CVE-2024-42995

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VTiger CRM versions <= 8.1.0

Description

The issue concerns incorrect user privilege checking, allowing a low-privileged user to interact directly with the "Migration" administrative module. This enables the user to disable arbitrary modules.

Recommendations

For VTiger CRM versions <= 8.1.0, update to a version that includes the necessary privilege checks to prevent low-privileged users from accessing the "Migration" administrative module. As a temporary workaround, consider restricting access to the "Migration" module to minimize the risk of exploitation.

Exploit

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2024-42995

Affected Products

Vtiger Crm