exploitDog

CVE-2009-3257

Опубликовано: 18 сент. 2009

Источник: nvd

CVSS2: 3.6

EPSS Низкий

Описание

vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.

Ссылки

http://secunia.com/advisories/36309
Third Party Advisory
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5055
Exploit
Vendor Advisory
http://secunia.com/advisories/36309
Third Party Advisory
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5055
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*

Версия до 5.1.0 (исключая)

EPSS

Процентиль: 35%

0.00142

Низкий

3.6 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-v894-3cgg-cmcx

github

почти 4 года назад

vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.

EPSS

Процентиль: 35%

0.00142

Низкий

3.6 Low

CVSS2

Дефекты

CWE-264