CVE-2019-19202
First published: Thu Nov 21 2019(Updated: )
In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vtiger Vtiger Crm | >=7.0<7.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-19202?
CVE-2019-19202 is a vulnerability in Vtiger CRM 7.x before 7.2.0 that allows a user without administrative privileges to change their own role.
What is the severity of CVE-2019-19202?
CVE-2019-19202 has a severity rating of 8.8 (high).
How does CVE-2019-19202 affect Vtiger CRM?
CVE-2019-19202 allows users without administrative privileges to modify their role in Vtiger CRM.
What is the CWE category of CVE-2019-19202?
CVE-2019-19202 is categorized under CWE-276 (Incorrect Default Permissions).
Are there any references available for CVE-2019-19202?
References for CVE-2019-19202 can be found at: http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-April/037964.html and https://code.vtiger.com/vtiger/vtigercrm/issues/1126
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- vendor/vtiger
- canonical/vtiger vtiger crm
- version/vtiger vtiger crm/7.0