Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
vtiger CRM 远程验证漏洞
Vulnerability Description
vtiger CRM 5.0.3版本之前的版本的index.php允许远程验证用户可以借助对Users模块的一个DetailView操作中的修改的记录参数,获得所有用户的名字和e-mail地址以及更改用户设置。
CVSS Information
N/A
Vulnerability Type
N/A