Vulnerabilities > Vtiger > Vtiger CRM > 5.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-09-18 | CVE-2009-3257 | Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile. | 3.6 |
2009-09-18 | CVE-2009-3251 | Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view. | 4.0 |
2008-08-04 | CVE-2008-3458 | Information Exposure vulnerability in Vtiger CRM Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. | 5.0 |