Unrated severityNVD Advisory· Published Jul 6, 2007· Updated Apr 23, 2026

CVE-2007-3600

Description

WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.

Affected products

Vtiger/Vtiger CRM
cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*
Range: <=5.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

trac.vtiger.com/cgi-bin/trac.cgi/changeset/10845nvdPatch
osvdb.org/45784nvd
trac.vtiger.com/cgi-bin/trac.cgi/report/9nvd
trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000