CVE-2007-3598
 
Public Exploits: 0
Exploited in Wild: -
Decision
Descriptions
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo.
SSVC
- Decision: -
Timeline
- 2007-07-06 CVE Reserved
- 2007-07-06 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
References (4)
URL | Tag | Source |
---|---|---|
http://forums.vtiger.com/viewtopic.php?p=38609 | X_refsource_misc | |
http://trac.vtiger.com/cgi-bin/trac.cgi/report/9 | X_refsource_confirm | |
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2664 | X_refsource_confirm | |
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2985 | X_refsource_confirm |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Vtiger | Vtiger Crm | <= 5.0.2 | - | Affected |