CVE-2007-3617 Information

Description

The report module in vtiger CRM before 5.0.3 does not properly apply security rules which allows remote authenticated users to read arbitrary private module entries.

Reference

http://osvdb.org/45804 http://trac.vtiger.com/cgi-bin/trac.cgi/report/9 http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692