Unrated severityNVD Advisory· Published Aug 4, 2008· Updated Apr 23, 2026

CVE-2008-3458

Description

Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.

Affected products

Vtiger/Vtiger CRM
cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*
Range: <=5.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/27228nvdPatchThird Party AdvisoryVDB Entry
trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811nvdExploitVendor Advisory
secunia.com/advisories/28370nvdThird Party Advisory
trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107nvdVendor Advisory
wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_NotesnvdVendor Advisory
sourceforge.net/project/shownotes.phpnvdBroken Link
www.osvdb.org/40218nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000