vtiger CRM Leads Module Security Bypass Vulnerability
BID:51024
Info
| Bugtraq ID: | 51024 |
| Class: | Access Validation Error |
| CVE: | CVE-2011-4679 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 04 2011 12:00AM |
| Updated: | Jan 04 2011 12:00AM |
| Credit: | pratim |
| Vulnerable: | vtiger vtiger CRM 5.2.1; vtiger vtiger CRM 5.2; vtiger vtiger CRM 5.0.4; vtiger vtiger CRM 5.0.3; vtiger vtiger CRM 4.2.4; vtiger vtiger CRM 4.2; vtiger vtiger CRM 5.0.4 RC |
| Not Vulnerable: | vtiger vtiger CRM 5.3 |
Discussion
vtiger CRM is prone to a security-bypass vulnerability.
Attackers may exploit the issue to bypass certain unspecified security restrictions and gain unauthorized access.
Versions prior to vtiger CRM 5.3.0 are vulnerable.
Exploit / POC
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Field disable in Profile or field access are still visible to non admin user in (vtiger)
- Oct2011:ODUpdate (vtiger)
- vtiger Homepage (vtiger)