Vulnerabilities > Vtiger > Vtiger CRM > 5.0.3

DATE CVE VULNERABILITY TITLE RISK
2009-09-18 CVE-2009-3257 Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM
vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.
network
high complexity
vtiger CWE-264
3.6
2009-09-18 CVE-2009-3251 Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM
include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view.
network
low complexity
vtiger CWE-264
4.0
2008-08-04 CVE-2008-3458 Information Exposure vulnerability in Vtiger CRM
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.
network
low complexity
vtiger CWE-200
5.0