CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3251
https://notcve.org/view.php?id=CVE-2009-3251
include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view. include/utils/ListViewUtils.php en vtiger CRM anteriores a 5.1.0 permite a usuarios remotos autenticados evitar las restricciones de acceso previstas y leer los campos (1) visibilidad, (2) localización, y (3) recurrencia de un calendario a través de una vista personalizada. • http://secunia.com/advisories/36309 http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/12407 http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/4208 http://www.osvdb.org/57241 • CWE-264: Permissions, Privileges, and Access Controls •