CVE-2019-19202
Vulnerability CVE-2019-19202 affects Vtiger CRM 7.x prior to 7.2.0. A My Preferences POST request flaw allows a user without administrative privileges to elevate themselves by adding roleid=H2, enabling an unwanted change to their own role. This constitutes an elevation of privilege with potentia...