Vulnerability in Vtiger Vtiger_crm

CVE-2011-4679

vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.

EPSS: 0.002 (36.7th percentile) — read the EPSS interpretation.

Affected products

Vtiger Vtiger_crm
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Exploit, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Exploit, Vendor Advisory)