2 matches found
CVE-2007-3598
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that...
CVE-2007-3598
The CVE-2007-3598 issue affects vtiger CRM up to version 5.0.2 (vendor states 5.0.3) where a manipulated DetailView record parameter in the Users module allows remote authenticated users to view all users’ names and e‑mail addresses and possibly alter user settings, exposing Partial confidentiali...