CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-19202

In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.7%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-April/037964.html
https://code.vtiger.com/vtiger/vtigercrm/issues/1126
http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-April/037964.html
https://code.vtiger.com/vtiger/vtigercrm/issues/1126

Products affected by CVE-2019-19202

Vtiger » Vtiger Crm » Version: 7.0

cpe:2.3:a:vtiger:vtiger_crm:7.0
Vtiger » Vtiger Crm » Version: 7.0.1

cpe:2.3:a:vtiger:vtiger_crm:7.0.1
Vtiger » Vtiger Crm » Version: 7.1.0

cpe:2.3:a:vtiger:vtiger_crm:7.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19202

Products

Pricing

Contact Us