CVE-2007-3604 Information

Description

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization possibly involving modules/Potentials/Potentials.php.

Reference

http://forums.vtiger.com/viewtopic.php?p=44717 http://osvdb.org/45783 http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10423 http://trac.vtiger.com/cgi-bin/trac.cgi/report/9 http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196