Security: Incorrect validation of Permissions
modules\Vtiger\actions\DeleteImage.php - you can delete any document regardless of your permissions because Vtiger, for the purpose of security, checks a parameter that doesn’t exist.
modules\Vtiger\actions\ExportData.php - here the problem is that Vtiger checks permissions to a different module than the one you’re exporting.
modules\Vtiger\actions\MassSave.php - permissions to edit fields are not verified, so you can edit any field even if you don’t have permissions to save.
modules\Vtiger\actions\RelatedRecordsAjax.php - no verification of permissions to calculate the number of related records; it allows you to check if a record exists and how many related records there are.
modules\Vtiger\actions\RelationAjax.php - no verification of permissions for any action, which allows you to add relations between records, remove relations, check the number of related records, and get the label of any record.
modules\Vtiger\actions\SaveStar.php - no verification of permissions to mark records.
modules\Vtiger\actions\TagCloud.php - no verification of permissions to use tags; it is possible to add tags to any record, download all tags and delete tags.
modules\Vtiger\views\EmailsRelatedModulePopup.php - no verification of permissions to the Users module; it is possible to display all users.
    index.php?module=Users&view=EmailsRelatedModulePopup&name=CalendarActivities&type=all
modules\Vtiger\views\ExportExtensionLog.php - no verification of permissions to download logs from WSAPP.
modules\Vtiger\views\ExtensionViews.php - no verification of permissions to download logs from WSAPP.
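
The two check defects described for DeleteImage.php and ExportData.php (a guard that reads a parameter the request never carries, and a guard that checks a different module than the one acted on), shown beside a fail-closed guard. This is an added illustration, not Vtiger code: the ACL table, the function names and the request arrays are all hypothetical, and it assumes a permission helper that falls back to a module-level check when no record id is supplied.

```php
<?php
// Added illustration; every name here is hypothetical, not Vtiger code.
// Constructed ACL: user => module => action => record ids the user may act on.
const ACL = ['alice' => [
    'Documents' => ['Delete' => [10]],
    'Contacts'  => ['Export' => [1, 2]],
]];

function isPermitted(string $user, string $module, string $action, ?int $record): bool
{
    $ids = ACL[$user][$module][$action] ?? null;
    if ($ids === null) {
        return false;              // no grant for this module/action at all
    }
    // Assumed helper behaviour: no record id means "module-level check only".
    return $record === null || in_array($record, $ids, true);
}

// Flawed: the guard reads 'id', the action deletes 'record'. 'id' is never sent,
// so the guard degrades to a module-level check and any record id passes.
function deleteFlawed(string $user, array $req): bool
{
    $checked = isset($req['id']) ? (int) $req['id'] : null;
    return isPermitted($user, 'Documents', 'Delete', $checked);
}

// Flawed: permission is checked on a fixed module; the requested one is ignored.
function exportFlawed(string $user, array $req): bool
{
    return isPermitted($user, 'Contacts', 'Export', null);
}

// Hardened: resolve module and record once, fail closed when the record id is
// missing or not numeric, and authorize exactly the values the action will use.
function authorize(string $user, array $req, string $action, bool $needsRecord): bool
{
    $module = $req['module'] ?? '';
    $record = filter_var($req['record'] ?? null, FILTER_VALIDATE_INT);
    if ($needsRecord && $record === false) {
        return false;
    }
    return isPermitted($user, $module, $action, $record === false ? null : $record);
}

$del = ['module' => 'Documents', 'record' => '99'];   // constructed request
$exp = ['module' => 'Invoice'];                       // constructed request
// Same request through the flawed guard, then through the hardened one.
var_dump(deleteFlawed('alice', $del), authorize('alice', $del, 'Delete', true));
var_dump(exportFlawed('alice', $exp), authorize('alice', $exp, 'Export', false));
```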