CVE-2024-42995 Information

Description

VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the \Migration\ administrative module to disable arbitrary modules.

Reference

https://www.shielder.com/advisories/vtiger-migration-bac/