Vulnerabilities > Vtiger > Vtiger CRM > 5.1.0
|2009-09-18||CVE-2009-3258|| Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM |
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors.
| 9.0 |
|2009-09-18||CVE-2009-3251|| Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM |
include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view.
| 4.0 |