Multiple cross site scripting, authentication bypass, SQL injection, file inclusion, and password hash disclosure flaws exist in vTiger versions 4.2 and below. Various details disclosed.
5cebea0b280288ffbeb4e2854a40c056858c7c6bd6909cddb3b0988a9a8c0f45