High severity · NVD Advisory · Published Dec 15, 2021 · Updated Aug 3, 2024

Business Logic Errors in yetiforcecompany/yetiforcecrm

CVE-2021-4111

Description

yetiforcecrm is vulnerable to Business Logic Errors. Judging from the fix commit, the server-side `validate()` of the MultiCurrency field type (used for product unit price and purchase price, among others) only checked that each per-currency value was numeric, so arbitrarily large or negative prices could be stored. The patch adds a minimum/maximum range check driven by the field's `maximumlength` setting (now a `min,max` pair such as `0,99999999`) and bumps the application version to 6.3.3.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
yetiforce/yetiforce-crm (Packagist) | <= 6.3.0 | none listed — note that the fix commit bumps `appVersion` from 6.3.2 to 6.3.3, so 6.3.1 and 6.3.2 may also be affected; confirm the range against the GitHub Security Advisory before relying on it.

Affected products

1

Patches

1
c1ad7111a090

Improved validation for multi-currency fields

https://github.com/yetiforcecompany/yetiforcecrm · Radosław Skrzypczak · Dec 13, 2021 · via ghsa
8 files changed · +76 −43
  • config/version.php+2 2 modified
    @@ -1,7 +1,7 @@
     <?php
     
     return [
    -	'appVersion' => '6.3.2',
    -	'patchVersion' => '2021.12.12',
    +	'appVersion' => '6.3.3',
    +	'patchVersion' => '2021.12.13',
     	'lib_roundcube' => '0.2.3',
     ];
    
  • install/install_schema/data.sql+2 2 modified
    @@ -3582,7 +3582,7 @@ insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generate
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,190,'createdtime','vtiger_crmentity',1,70,'createdtime','Created Time',0,0,'',NULL,19,31,2,'DT~O',3,NULL,'BAS',0,'',0,'',NULL,0,0,0,0,'',NULL);
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,191,'modifiedtime','vtiger_crmentity',1,70,'modifiedtime','Modified Time',0,0,'',NULL,21,31,2,'DT~O',3,NULL,'BAS',0,'',0,'',NULL,0,0,0,0,'',NULL);
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,192,'modifiedby','vtiger_crmentity',1,52,'modifiedby','Last Modified By',0,0,'','65535',22,31,2,'V~O',3,NULL,'BAS',0,'',0,'',NULL,0,0,0,0,'',NULL);
    -insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,193,'unit_price','vtiger_products',1,360,'unit_price','Unit Price',0,0,'','65535',1,32,1,'V~O',2,3,'BAS',0,'',1,'',NULL,0,0,0,0,'',NULL);
    +insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,193,'unit_price','vtiger_products',1,360,'unit_price','Unit Price',0,0,'','0,99999999',1,32,1,'V~O',2,3,'BAS',0,'',1,'',NULL,0,0,0,0,'',NULL);
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,194,'commissionrate','vtiger_products',1,365,'commissionrate','Commission Rate',0,2,'','99999',2,32,2,'NN~O',1,NULL,'BAS',1,'',0,'',NULL,0,0,0,0,'',NULL);
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,196,'usageunit','vtiger_products',1,15,'usageunit','Usage Unit',0,2,'','200',1,33,1,'V~O',1,NULL,'ADV',1,'',0,'',NULL,0,0,0,0,'',NULL);
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,197,'qty_per_unit','vtiger_products',1,1,'qty_per_unit','Qty/Unit',0,2,'','999999999',2,33,1,'N~O',1,NULL,'ADV',1,'',0,'',NULL,0,0,0,0,'',NULL);
    @@ -5169,7 +5169,7 @@ insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generate
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (13,2814,'response_expected','vtiger_troubletickets',1,79,'response_expected','FL_RESPONSE_EXPECTED',0,2,'',NULL,0,444,2,'DT~O',1,0,'BAS',1,'Detail',1,'','',0,0,0,0,'',NULL);
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (13,2815,'solution_expected','vtiger_troubletickets',1,79,'solution_expected','FL_SOLUTION_EXPECTED',0,2,'',NULL,0,444,2,'DT~O',1,0,'BAS',1,'Detail',1,'','',0,0,0,0,'',NULL);
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (13,2816,'idle_expected','vtiger_troubletickets',1,79,'idle_expected','FL_IDLE_DATE_EXPECTED',0,2,'',NULL,0,444,2,'DT~O',1,0,'BAS',1,'Detail',0,'',NULL,0,0,0,0,'',NULL);
    -insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,2817,'purchase','vtiger_products',1,360,'purchase','FL_PURCHASE',0,2,'','65535',6,32,1,'V~O',2,3,'BAS',0,'',1,'',NULL,0,0,0,0,'',NULL);
    +insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,2817,'purchase','vtiger_products',1,360,'purchase','FL_PURCHASE',0,2,'','0,99999999',6,32,1,'V~O',2,3,'BAS',0,'',1,'',NULL,0,0,0,0,'',NULL);
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (90,2818,'ssingleorders_method_payments','u_yf_ssingleorders',1,16,'payment_methods','FL_PAYMENTS_METHOD',0,2,'','255',16,284,1,'V~O',1,0,'BAS',1,'',0,'',NULL,0,0,0,0,'',NULL);
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (35,2819,'purchase','vtiger_service',1,360,'purchase','FL_COST',0,2,'','65535',4,92,1,'V~O',2,3,'BAS',0,'',1,'',NULL,0,0,0,0,'',NULL);
     insert  into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (15,2821,'accountid','vtiger_faq',1,10,'accountid','FL_ACCOUNT',0,2,'','4294967295',8,37,1,'V~O',1,0,'BAS',1,'',0,'',NULL,0,0,0,0,'',NULL);
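Review bot: The `purchase` field on `vtiger_service` (fieldid 2819, uitype 360, label FL_COST, two rows below the changed `purchase` row) keeps `maximumlength` = '65535' while the two `vtiger_products` price fields are moved to '0,99999999'. With the server-side fallback added in this commit's MultiCurrency.php — a single value becomes the range [-max, max] — that field still accepts negative costs and has a far lower ceiling than its sibling, so I would change its value to `'0,99999999'` as well. This is the install schema only: the eight files in the diffstat include no migration, so unless one ships separately, existing installations keep '65535' in `vtiger_field` and never get the new lower bound.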
    
  • layouts/basic/modules/Vtiger/Edit/CurrenciesModal.tpl+19 19 modified
    @@ -9,7 +9,7 @@
     						{\App\Language::translate($FIELD_MODEL->getFieldLabel(), $MODULE_NAME)}
     					</h5>
     					<button type="button" class="close" data-dismiss="modal"
    -							title="{\App\Language::translate('LBL_CLOSE')}">
    +						title="{\App\Language::translate('LBL_CLOSE')}">
     						<span aria-hidden="true">&times;</span>
     					</button>
     				</div>
    @@ -34,36 +34,36 @@
     										</span>
     										<span class="ml-1">
     											<input type="checkbox" value="1"
    -												   id="cur_{$CURRENCY_ID}_check"
    -												   class="small float-right js-enable-currency"
    -												   data-js="change">
    +												id="cur_{$CURRENCY_ID}_check"
    +												class="small float-right js-enable-currency"
    +												data-js="change">
     										</span>
     									</span>
     								</td>
     								<td class="align-middle">
     									<div class="row justify-content-center">
     										<input name="{$ITEM['name']}" type="text" value=""
    -											   size="10" id="{$ITEM['name']}"
    -											   class="col-md-9 js-format-numer js-converted-price form-control"
    -											   data-validation-engine="validate[funcCall[Vtiger_Currency_Validator_Js.invokeValidation]]"
    -											   data-fieldinfo="{\App\Purifier::encodeHtml(\App\Json::encode($ITEM.fieldInfo))}"
    -											   data-js="value" disabled="disabled"/>
    +											size="10" id="{$ITEM['name']}"
    +											class="col-md-9 js-format-numer js-converted-price form-control"
    +											data-validation-engine="validate[funcCall[Vtiger_Currency_Validator_Js.invokeValidation]]"
    +											data-fieldinfo="{\App\Purifier::encodeHtml(\App\Json::encode($ITEM.fieldInfo))}"
    +											data-js="value" disabled="disabled" />
     									</div>
     								</td>
     								<td class="align-middle">
     									<div class="row justify-content-center">
    -										<input name="currencies[{$CURRENCY_ID}]['rate']"
    -											   value="{App\Fields\Double::formatToDisplay($ITEM['conversionRate'], false)}"
    -											   class="col-md-9 js-conversion-rate form-control" type="text" size="10"
    -											   readonly="readonly" disabled="disabled">
    +										<input name="currencies[{$CURRENCY_ID}][rate]"
    +											value="{App\Fields\Double::formatToDisplay($ITEM['conversionRate'], false)}"
    +											class="col-md-9 js-conversion-rate form-control" type="text" size="10"
    +											readonly="readonly" disabled="disabled">
     									</div>
     								</td>
     								<td class="align-middle">
     									<div class="row justify-content-center">
     										<button type="button" class="btn btn-light js-currency-reset resetButton"
    -												id="cur_reset{$CURRENCY_ID}"
    -												value="{\App\Language::translate('LBL_RESET',$MODULE_NAME)}"
    -												data-js="click">
    +											id="cur_reset{$CURRENCY_ID}"
    +											value="{\App\Language::translate('LBL_RESET',$MODULE_NAME)}"
    +											data-js="click">
     											<span class="fas fa-undo mr-1"></span>
     											{\App\Language::translate('LBL_RESET',$MODULE_NAME)}
     										</button>
    @@ -72,9 +72,9 @@
     								<td class="align-middle">
     									<div class="row justify-content-center">
     										<input name="baseCurrencyRadio" value="{$ITEM['name']}"
    -											   class="js-base-currency" type="radio" disabled="disabled"
    -											   title="{\App\Language::translate('LBL_BASE_CURRENCY')}"
    -											   data-js="checked"/>
    +											class="js-base-currency" type="radio" disabled="disabled"
    +											title="{\App\Language::translate('LBL_BASE_CURRENCY')}"
    +											data-js="checked" />
     									</div>
     								</td>
     							</tr>
    
  • layouts/basic/modules/Vtiger/Edit/Field/MultiCurrency.tpl+3 2 modified
    @@ -2,6 +2,7 @@
     {strip}
     	<!-- tpl-Base-Edit-Field-MultiCurrency -->
     	{assign var=SPECIAL_VALIDATOR value=$FIELD_MODEL->getValidator()}
    +	{assign var=FIELD_INFO value=\App\Purifier::encodeHtml(\App\Json::encode($FIELD_MODEL->getFieldInfo()))}
     	{assign var=FIELD_NAME value=$FIELD_MODEL->getName()}
     	{assign var="MODULE_NAME" value=$FIELD_MODEL->getModuleName()}
     	{assign var="SYMBOL_PLACEMENT_ON_RIGHT" value=$USER_MODEL->get('currency_symbol_placement') eq '1.0$'}
    @@ -28,8 +29,8 @@
     			{/if}
     			<input id="{$MODULE_NAME}-editview-fieldname-{$FIELD_NAME}" type="text" value="{$FIELD_MODEL->getEditViewDisplayValue($FIELD_MODEL->get('fieldvalue'), $RECORD)}"
     				class="col-md-12 js-multicurrency-field js-format-numer form-control{if $SYMBOL_PLACEMENT_ON_RIGHT} textAlignRight{/if}"
    -				title="{\App\Language::translate($FIELD_MODEL->getFieldLabel(), $MODULE_NAME)}" tabindex="{$TABINDEX}"
    -				{if $FIELD_MODEL->isEditableReadOnly()}disabled="disabled" {else}data-validation-engine="validate[{if $FIELD_MODEL->isMandatory() eq true} required,{/if}funcCall[Vtiger_Base_Validator_Js.invokeValidation]]" {/if}>
    +				title="{\App\Language::translate($FIELD_MODEL->getFieldLabel(), $MODULE_NAME)}" tabindex="{$TABINDEX}" data-fieldinfo="{$FIELD_INFO}"
    +				{if $FIELD_MODEL->isEditableReadOnly()} disabled="disabled" {else}data-validation-engine="validate[{if $FIELD_MODEL->isMandatory() eq true} required,{/if}funcCall[Vtiger_Base_Validator_Js.invokeValidation]]" {/if} {if !empty($SPECIAL_VALIDATOR)}data-validator='{\App\Purifier::encodeHtml(\App\Json::encode($SPECIAL_VALIDATOR))}' {/if}>
     			{if $SYMBOL_PLACEMENT_ON_RIGHT}
     				{FUNC_CURRENCY_SYMBOL_PLACEMENT CURRENCY_SYMBOL=$CURRENCY_SYMBOL}
     			{/if}
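Review bot: The new `data-validator` attribute is wrapped in single quotes while every other attribute in the tag, including the new `data-fieldinfo`, uses double quotes. Whether `\App\Purifier::encodeHtml` escapes `'` is not visible here; if it only escapes `"`, a validator parameter containing an apostrophe would terminate the attribute early, and the mixed quoting is a style inconsistency either way. I would write it like the line above it: `data-validator="{\App\Purifier::encodeHtml(\App\Json::encode($SPECIAL_VALIDATOR))}"`.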
    
  • modules/Vtiger/models/Field.php+15 5 modified
    @@ -589,13 +589,13 @@ public function getPicklistValues($skipCheckingRole = false)
     				$picklistValues = App\Fields\Picklist::getValuesName($this->getName());
     			}
     			foreach ($picklistValues as $value) {
    -				$fieldPickListValues[$value] = \App\Language::translate($value, $this->getModuleName(),false,false);
    +				$fieldPickListValues[$value] = \App\Language::translate($value, $this->getModuleName(), false, false);
     			}
     			// Protection against deleting a value that does not exist on the list
     			if ('picklist' === $fieldDataType) {
     				$fieldValue = $this->get('fieldvalue');
     				if (!empty($fieldValue) && !isset($fieldPickListValues[$fieldValue])) {
    -					$fieldPickListValues[$fieldValue] = \App\Language::translate($fieldValue, $this->getModuleName(),false,false);
    +					$fieldPickListValues[$fieldValue] = \App\Language::translate($fieldValue, $this->getModuleName(), false, false);
     					$this->set('isEditableReadOnly', true);
     				}
     			}
    @@ -1142,11 +1142,11 @@ public function getProfileReadWritePermission()
     	}
     
     	/**
    -	 * Function returns Client Side Validators name.
    +	 * Gets default validator.
     	 *
    -	 * @return <Array> [name=>Name of the Validator, params=>Extra Parameters]
    +	 * @return array
     	 */
    -	public function getValidator()
    +	public function getDefaultValidator(): array
     	{
     		$validator = [];
     		$fieldName = $this->getName();
    @@ -1225,6 +1225,16 @@ public function getValidator()
     		return $validator;
     	}
     
    +	/**
    +	 * Function returns Client Side Validators name.
    +	 *
    +	 * @return array [name=>Name of the Validator, params=>Extra Parameters]
    +	 */
    +	public function getValidator()
    +	{
    +		return method_exists($this->getUITypeModel(), 'getValidator') ? $this->getUITypeModel()->getValidator() : $this->getDefaultValidator();
    +	}
    +
     	/**
     	 * Function to retrieve display value in edit view.
     	 *
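Review bot: The new `getValidator()` wrapper declares no return type although both implementations it dispatches to — `getDefaultValidator(): array` and the `MultiCurrency::getValidator(): array` added in this commit — do, and it calls `getUITypeModel()` twice. I would declare it as `public function getValidator(): array`, fetch the model once with `$uiTypeModel = $this->getUITypeModel();` and return `method_exists($uiTypeModel, 'getValidator') ? $uiTypeModel->getValidator() : $this->getDefaultValidator();`. If `getUITypeModel()` can ever return null for an unknown uitype — not visible from here — `method_exists` on it throws a TypeError under PHP 8, so a null check would belong there as well.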
    
  • modules/Vtiger/uitypes/MultiCurrency.php+21 5 modified
    @@ -28,6 +28,16 @@ public function getDBValue($value, $recordModel = false)
     		return \App\Json::encode($data);
     	}
     
    +	/**
    +	 * Get validator.
    +	 *
    +	 * @return array
    +	 */
    +	public function getValidator(): array
    +	{
    +		return [['name' => 'Currency']];
    +	}
    +
     	/** {@inheritdoc} */
     	public function validate($value, $isUserFormat = false)
     	{
    @@ -38,19 +48,25 @@ public function validate($value, $isUserFormat = false)
     			$value = \App\Json::decode($value);
     		}
     		if (!\is_array($value)) {
    -			throw new \App\Exceptions\Security('ERR_ILLEGAL_FIELD_VALUE||' . $this->getFieldModel()->getFieldName() . '||' . $this->getFieldModel()->getModuleName() . '||' . $value, 406);
    +			throw new \App\Exceptions\Security('ERR_ILLEGAL_FIELD_VALUE||' . $this->getFieldModel()->getName() . '||' . $this->getFieldModel()->getModuleName() . '||' . $value, 406);
     		}
     		$currencies = \App\Fields\Currency::getAll(true);
     		foreach ($value['currencies'] ?? [] as $id => $currency) {
     			if (!isset($currencies[$id])) {
    -				throw new \App\Exceptions\Security('ERR_ILLEGAL_FIELD_VALUE||' . $this->getFieldModel()->getFieldName() . '||' . $this->getFieldModel()->getModuleName() . '||' . $id, 406);
    +				throw new \App\Exceptions\Security('ERR_ILLEGAL_FIELD_VALUE||' . $this->getFieldModel()->getName() . '||' . $this->getFieldModel()->getModuleName() . '||' . $id, 406);
     			}
     			$price = $currency['price'];
     			if ($isUserFormat) {
     				$price = App\Fields\Double::formatToDb($price);
     			}
     			if (!is_numeric($price)) {
    -				throw new \App\Exceptions\Security('ERR_ILLEGAL_FIELD_VALUE||' . $this->getFieldModel()->getFieldName() . '||' . $this->getFieldModel()->getModuleName() . '||' . $price, 406);
    +				throw new \App\Exceptions\Security('ERR_ILLEGAL_FIELD_VALUE||' . $this->getFieldModel()->getName() . '||' . $this->getFieldModel()->getModuleName() . '||' . $price, 406);
    +			}
    +			if ($maximumLength = $this->getFieldModel()->get('maximumlength')) {
    +				[$minimumLength, $maximumLength] = false !== strpos($maximumLength, ',') ? explode(',', $maximumLength) : [-$maximumLength, $maximumLength];
    +				if ((float) $minimumLength > $price || (float) $maximumLength < $price) {
    +					throw new \App\Exceptions\Security('ERR_VALUE_IS_TOO_LONG||' . $this->getFieldModel()->getName() . '||' . $this->getFieldModel()->getModuleName() . "||{$maximumLength} < {$price} < {$minimumLength}", 406);
    +				}
     			}
     		}
     	}
    @@ -131,12 +147,12 @@ public function getEditViewFormatData($value)
     	public function getCurrencies()
     	{
     		$priceDetails = [];
    -		$params = ['uitype' => 71, 'displaytype' => 1, 'typeofdata' => 'N~O', 'isEditableReadOnly' => false, 'maximumlength' => '99999999999999999'];
    +		$params = ['uitype' => 71, 'displaytype' => 1, 'typeofdata' => 'N~O', 'isEditableReadOnly' => false, 'maximumlength' => $this->getFieldModel()->get('maximumlength')];
     		$fieldModel = new \Vtiger_Field_Model();
     		$fieldModel->setModule($this->getFieldModel()->getModule());
     		$fieldInfo = $fieldModel->setData($params)->getFieldInfo();
     		foreach (\App\Fields\Currency::getAll(true) as $id => $currency) {
    -			$name = "currencies[$id]['value']";
    +			$name = "currencies[$id][value]";
     			$fieldInfo['name'] = $name;
     			$priceDetails[$id] = [
     				'name' => $name,
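Review bot: The range error added to validate() (the hunk starts inside that function, at `$value = \App\Json::decode($value)`) prints its bounds inverted — `"||{$maximumLength} < {$price} < {$minimumLength}"` reads as max < price < min — and reuses `ERR_VALUE_IS_TOO_LONG` for what is a range violation, which will confuse anyone reading the security log. In the same loop `$price = $currency['price']` is read without checking that `$currency` is an array carrying that key, so a payload such as `{"currencies":{"1":"x"}}` surfaces as a PHP warning or TypeError instead of the intended `\App\Exceptions\Security`. Note also that the single-value fallback `[-$maximumLength, $maximumLength]` accepts negative prices for any field whose `maximumlength` has no comma (the `vtiger_service` purchase field left at '65535' in this commit's data.sql is one), whereas the client-side FieldValidator.js change in the same commit rejects values below 0 in that case — the server check, the authoritative one, is the looser of the two. Whether a negative price is ever legitimate for a single-bound field is a product decision, so the rewrite below only fixes the message and adds the shape check.
```php
		foreach ($value['currencies'] ?? [] as $id => $currency) {
			// … unchanged: unknown-currency check …
			if (!\is_array($currency) || !isset($currency['price'])) {
				throw new \App\Exceptions\Security('ERR_ILLEGAL_FIELD_VALUE||' . $this->getFieldModel()->getName() . '||' . $this->getFieldModel()->getModuleName() . '||' . $id, 406);
			}
			$price = $currency['price'];
			// … unchanged: formatToDb conversion and is_numeric check …
			if ($maximumLength = $this->getFieldModel()->get('maximumlength')) {
				[$minimumLength, $maximumLength] = false !== strpos($maximumLength, ',') ? explode(',', $maximumLength) : [-$maximumLength, $maximumLength];
				if ((float) $minimumLength > $price || (float) $maximumLength < $price) {
					throw new \App\Exceptions\Security('ERR_VALUE_IS_TOO_LONG||' . $this->getFieldModel()->getName() . '||' . $this->getFieldModel()->getModuleName() . "||{$minimumLength} <= {$price} <= {$maximumLength}", 406);
				}
			}
		}
```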
    
  • public_html/layouts/resources/validator/BaseValidator.js+4 4 modified
    @@ -27,7 +27,7 @@ jQuery.Class(
     				}
     			}
     			let listOfValidators = Vtiger_Base_Validator_Js.getValidator(field);
    -			for (let i = 0; i < listOfValidators.length; i++) {
    +			for (let i in listOfValidators) {
     				let validatorList = listOfValidators[i],
     					validatorName = validatorList.name,
     					validatorInstance = new validatorName(),
    @@ -77,12 +77,12 @@ jQuery.Class(
     			}
     			if (fieldData.hasOwnProperty(dataValidator)) {
     				let specialValidators = fieldData[dataValidator];
    -				for (key in specialValidators) {
    +				for (let s in specialValidators) {
     					//IE for loop fix
    -					if (!specialValidators.hasOwnProperty(key)) {
    +					if (!specialValidators.hasOwnProperty(s)) {
     						continue;
     					}
    -					let specialValidator = specialValidators[key],
    +					let specialValidator = specialValidators[s],
     						tempSpecialValidator = jQuery.extend({}, specialValidator),
     						validatorOfNames = Vtiger_Base_Validator_Js.getValidatorClassName(specialValidator.name);
     					if (validatorOfNames !== '') {
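Review bot: The replacement `for (let i in listOfValidators)` iterates every enumerable property, including anything another script on the page has added to `Array.prototype`, but unlike the loop a few lines below (`if (!specialValidators.hasOwnProperty(s)) continue;`, the "IE for loop fix") it has no ownership guard, so a foreign property would reach `new validatorName()` and throw. I would add `if (!listOfValidators.hasOwnProperty(i)) { continue; }` as the first statement of the loop body. If the motivation for `for…in` was that `getValidator(field)` may now return an object keyed by name rather than an array (not visible here), `for (const validatorList of Object.values(listOfValidators))` says so more directly. The enclosing function begins outside this hunk.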
    
  • public_html/layouts/resources/validator/FieldValidator.js+10 4 modified
    @@ -1023,10 +1023,16 @@ Vtiger_Base_Validator_Js(
     				return false;
     			}
     			const maximumLength = typeof fieldData.fieldinfo !== 'undefined' ? fieldData.fieldinfo.maximumlength : null;
    -			if (maximumLength && strippedValue > parseFloat(maximumLength)) {
    -				errorInfo = app.vtranslate('JS_ERROR_MAX_VALUE');
    -				this.setError(errorInfo);
    -				return false;
    +			if (maximumLength) {
    +				let ranges = maximumLength.split(',');
    +				if (
    +					(ranges.length === 2 && (strippedValue > parseFloat(ranges[1]) || strippedValue < parseFloat(ranges[0]))) ||
    +					(ranges.length === 1 && (strippedValue > parseFloat(ranges[0]) || strippedValue < 0))
    +				) {
    +					errorInfo = app.vtranslate('JS_ERROR_MAX_VALUE');
    +					this.setError(errorInfo);
    +					return false;
    +				}
     			}
     			return true;
     		}
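Review bot: `maximumLength.split(',')` assumes `fieldinfo.maximumlength` is a string; the PHP side passes the DB value through `getFieldInfo()`, and a JSON-encoded integer would make this line throw a TypeError, so coerce with `String(maximumLength)` first. A malformed value (three comma-separated parts, or a non-numeric part) makes `parseFloat` return NaN, every comparison becomes false and the value passes client-side validation silently — a misconfigured range should fail, not pass. Two smaller points: the single-value branch rejects negatives (`strippedValue < 0`) while the server-side fallback in this commit's MultiCurrency.php allows `[-max, max]`, so the two validators disagree and it is the server that should be tightened; and `JS_ERROR_MAX_VALUE` is shown for a value below the minimum too. The function begins outside this hunk (the hunk header places it inside `Vtiger_Base_Validator_Js(`); the rewritten branch follows.
```javascript
			if (maximumLength) {
				let ranges = String(maximumLength).split(',').map((v) => parseFloat(v)),
					min = ranges.length === 2 ? ranges[0] : 0,
					max = ranges.length === 2 ? ranges[1] : ranges[0];
				// A malformed range is a configuration error and must not validate as a pass.
				if (ranges.length > 2 || isNaN(min) || isNaN(max) || strippedValue < min || strippedValue > max) {
					errorInfo = app.vtranslate('JS_ERROR_MAX_VALUE');
					this.setError(errorInfo);
					return false;
				}
			}
```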
    


References

4
