VYPR
Unrated severityNVD Advisory· Published Sep 18, 2009· Updated Jun 16, 2026

CVE-2009-3257

CVE-2009-3257

Description

vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.