CVE-2019-19202

Published: 2019-11-21T20:15Z

Last Modified: 2024-11-21T04:34Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt