CVE-2011-4679
Published: 2011-12-07
Priority: P4 (16)
CVSS 2.0: 4 (medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS: 1.13% (62.4th percentile)
vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vtiger | vtiger_crm | < 5.3.0 | 5.3.0 |
No detection rules found.
No public exploits indexed.
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004
http://wiki.vtiger.com/index.php/Oct2011:ODUpdate