OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.
{
"unresolved_ranges": [
{
"source": "CPE_RANGE",
"vendor_product": "oroinc:client_relationship_management",
"extracted_events": [
{
"introduced": "3.1.0"
},
{
"last_affected": "3.1.24"
},
{
"introduced": "4.1.0"
},
{
"last_affected": "4.1.15"
}
],
"cpes": [
"cpe:2.3:a:oroinc:client_relationship_management:*:*:*:*:*:*:*:*"
]
}
]
}