CVE-2009-3257

2009-09-18T21:30:00
ID CVE-2009-3257
Type cve
Reporter cve@mitre.org
Modified 2017-12-07T21:36:00

Description

vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.