vTiger team has released a security patch which will help prevent the Local File Inclusion, Local File Deletion, SQL Injection, PHP Code Injection, Cross site scripting, Arbitrary File Upload, Authentication Bypass vulnerabilities(SOAP API’s). You can download the patch from SourceForge or Office vTiger Link. Make sure you always backup  your files and the database.  To apply the security patch, simply overwrite the files in /vtigercrm/ directory. Feel free to contact us if you need help apply the patch.