Vulnerabilities > CVE-2007-3598 - Denial-Of-Service vulnerability in vtiger CRM
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo.