Unrated severityNVD Advisory· Published Jul 6, 2007· Updated Apr 23, 2026

CVE-2007-3604

Description

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.

Affected products

Vtiger/Vtiger CRM
cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*
Range: <=5.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

trac.vtiger.com/cgi-bin/trac.cgi/changeset/10423nvdPatch
forums.vtiger.com/viewtopic.phpnvd
osvdb.org/45783nvd
trac.vtiger.com/cgi-bin/trac.cgi/report/9nvd
trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000