Unrated severityNVD Advisory· Published Sep 18, 2009· Updated Jun 16, 2026
CVE-2009-3257
CVE-2009-3257
Description
vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.
Affected products
2Patches
Vulnerability mechanics
References
2- trac.vtiger.com/cgi-bin/trac.cgi/ticket/5055nvdExploitVendor Advisory
- secunia.com/advisories/36309nvdThird Party Advisory
News mentions
0No linked articles in our index yet.