High severity8.1NVD Advisory· Published Aug 1, 2016· Updated May 6, 2026

CVE-2016-4834

Description

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

code.vtiger.com/vtiger/vtigercrm/commit/7cdf9941197b4aa58114eafce3ce88fb418eb68cnvdIssue TrackingPatch
jvn.jp/en/jp/JVN01956993/index.htmlnvdThird Party AdvisoryVDB Entry
jvndb.jvn.jp/jvndb/JVNDB-2016-000126nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/92076nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1036485nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000