Vtiger Crm Security Vulnerabilities and Issues — Vtiger Crm CVE List

Lucene search

VtigerVtiger Crm

9 matches found

CVE•added 2007/07/06 7:30 p.m.•50 views

CVE-2007-3603

SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.

6.5CVSS7.9AI score0.00474EPSS

CVE•added 2007/07/06 7:30 p.m.•47 views

CVE-2007-3604

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.

4CVSS6.4AI score0.00223EPSS

CVE•added 2007/07/06 7:30 p.m.•41 views

CVE-2007-3602

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.

5.5CVSS6.3AI score0.00244EPSS

CVE•added 2007/07/06 7:30 p.m.•40 views

CVE-2007-3617

The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.

4CVSS6.4AI score0.00217EPSS

CVE•added 2007/07/06 7:30 p.m.•39 views

CVE-2007-3616

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module.

6.5CVSS6.4AI score0.00428EPSS

CVE•added 2007/07/06 7:30 p.m.•37 views

CVE-2007-3598

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that t...

5.5CVSS6.5AI score0.00218EPSS

CVE•added 2007/07/06 7:30 p.m.•36 views

CVE-2007-3601

vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view.

2.1CVSS6.2AI score0.00217EPSS

CVE•added 2007/07/06 7:30 p.m.•31 views

CVE-2007-3599

vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission.

8.5CVSS6.1AI score0.00181EPSS

CVE•added 2007/07/06 7:30 p.m.•30 views

CVE-2007-3600

WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.

4CVSS6.5AI score0.00207EPSS