Vulnerability Description
WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.
CVSS Score
4.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vtiger | Vtiger Crm | <= 5.0.2 |
References
- http://osvdb.org/45784
- http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10845 (Patch)
- http://trac.vtiger.com/cgi-bin/trac.cgi/report/9
- http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790
FAQ
What is CVE-2007-3600?
CVE-2007-3600 is a vulnerability with a CVSS score of 4.0 (MEDIUM). WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as ...
How severe is CVE-2007-3600?
CVE-2007-3600 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3600?
Check the references section above for vendor advisories and patch information. Affected products include: Vtiger Vtiger Crm.