Moderate severity · NVD Advisory · Published Dec 15, 2021 · Updated Aug 3, 2024
Business Logic Errors in yetiforcecompany/yetiforcecrm
CVE-2021-4117
Description
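yetiforcecrm is vulnerable to Business Logic Errors. The fix commit listed under Patches ("Improved validation for weight fields") changes the `maximumlength` of the product `weight` field from `'99999999'` to `'0,99999999'`, which suggests the issue was a missing lower bound on that numeric field.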
Affected packages
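Versions sourced from the GitHub Security Advisory. No patched release is listed; the fix commit under Patches bumps the internal `appVersion` from 6.3.6 to 6.3.7, so confirm that a build contains that commit rather than relying on the version range alone.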
| Package | Affected versions | Patched versions |
|---|---|---|
| yetiforce/yetiforce-crm (Packagist) | <= 6.3.0 | — |
Affected products (1)
- Range: unspecified
Patches (1)
8dccd9344272 · Improved validation for weight fields
2 files changed · +2 −2
config/version.php+1 −1 modified@@ -1,7 +1,7 @@ <?php return [ - 'appVersion' => '6.3.6', + 'appVersion' => '6.3.7', 'patchVersion' => '2021.12.14', 'lib_roundcube' => '0.2.3', ];
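--- a/install/install_schema/data.sql
+++ b/install/install_schema/data.sql
@@ -5175,7 +5175,7 @@ insert into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generate
 insert into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (15,2821,'accountid','vtiger_faq',1,10,'accountid','FL_ACCOUNT',0,2,'','4294967295',8,37,1,'V~O',1,0,'BAS',1,'',0,'',NULL,0,0,0,0,'',NULL);
 insert into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (6,2822,'taxes','vtiger_account',1,303,'taxes','FL_TAXES',0,2,'','65535',11,198,1,'V~O',1,0,'BAS',1,'',0,'',NULL,0,0,0,0,'',NULL);
 insert into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (6,2823,'accounts_available_taxes','vtiger_account',1,33,'accounts_available_taxes','FL_AVAILABLE_TAXES',0,2,'','65535',3,439,1,'V~O',1,0,'BAS',1,'',0,'',NULL,0,0,0,0,'',NULL);
-insert into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,2824,'weight','vtiger_products',1,7,'weight','FL_WEIGHT',0,2,'','99999999',8,33,1,'NN~O',1,0,'BAS',1,'',0,'',NULL,0,0,0,0,'',NULL);
+insert into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (14,2824,'weight','vtiger_products',1,7,'weight','FL_WEIGHT',0,2,'','0,99999999',8,33,1,'NN~O',1,0,'BAS',1,'',0,'',NULL,0,0,0,0,'',NULL);
 insert into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (95,2825,'payment_status','u_yf_finvoice',1,15,'payment_status','FL_PAYMENT_STATUS',1,2,'PLL_NOT_PAID','255',14,310,2,'V~O',1,0,'BAS',1,'',0,'',NULL,0,0,0,0,'',NULL);
 insert into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (90,2826,'payment_status','u_yf_ssingleorders',1,15,'payment_status','FL_PAYMENT_STATUS',1,2,'PLL_NOT_PAID','255',15,284,2,'V~O',1,0,'BAS',1,'',0,'',NULL,0,0,0,0,'',NULL);
 insert into `vtiger_field`(`tabid`,`fieldid`,`columnname`,`tablename`,`generatedtype`,`uitype`,`fieldname`,`fieldlabel`,`readonly`,`presence`,`defaultvalue`,`maximumlength`,`sequence`,`block`,`displaytype`,`typeofdata`,`quickcreate`,`quickcreatesequence`,`info_type`,`masseditable`,`helpinfo`,`summaryfield`,`fieldparams`,`header_field`,`maxlengthtext`,`maxwidthcolumn`,`visible`,`tabindex`,`color`,`icon`) values (34,2827,'description','vtiger_crmentity',1,300,'description','Description',0,2,'','65535',0,445,1,'V~O',1,0,'BAS',1,'',1,'','',0,0,0,0,'',NULL);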
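Review bot: The new `'0,99999999'` bound for the `weight` row (fieldid 2824) lives only in the installer seed `install/install_schema/data.sql`, so it reaches fresh installs; nothing in this commit (2 files changed) rewrites the `vtiger_field` row on instances that are already deployed, which would keep `'99999999'` unless an upgrade step elsewhere applies it. I would pair the seed change with a migration such as `UPDATE vtiger_field SET maximumlength = '0,99999999' WHERE tablename = 'vtiger_products' AND columnname = 'weight';`. The lower bound is presumably enforced by application code that reads `maximumlength` as a min,max pair, which is not visible on this page, so a server-side test that a negative weight is rejected on save would confirm the fix end to end. The commit title says "weight fields" in the plural while only this one row changes, so it is worth checking whether other numeric `NN~O` fields in the seed carry an upper bound with no minimum.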
References (4)
- github.com/advisories/GHSA-cxg7-84wp-8pcq (source: ghsa; type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-4117 (source: ghsa; type: ADVISORY)
- github.com/yetiforcecompany/yetiforcecrm/commit/8dccd93442725f245b4b71986bbe6f4f48639239 (source: ghsa; tag: x_refsource_MISC; type: WEB)
- huntr.dev/bounties/0b81e572-bdc9-4caf-aa02-81f3c7ad7c0a (source: ghsa; tag: x_refsource_CONFIRM; type: WEB)