CVE-2016-4834 in CRMinfo

Summary

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

05/17/2016

Disclosure

07/31/2016

Moderation

VulDB entry created

Entries

VDB-90398 (1)

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

6.3

EPSS

0.00606

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-4834
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4834
CVE Details	https://www.cvedetails.com/cve/CVE-2016-4834/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!