CVE-2008-3458

Vtiger CRM <5.0.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.

References (7)

Core 7
Core References
Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27228
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/40218
Vendor Advisory x_refsource_confirm
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28370
Exploit, Vendor Advisory x_refsource_misc
http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811

Scores

EPSS 0.0280
EPSS Percentile 84.8%

Details

CWE
CWE-200
Status published
Products (1)
vtiger/vtiger_crm < 5.0.3
Published Aug 04, 2008
Tracked Since Feb 18, 2026