CVE-2007-3604

Name of the Vulnerable Software and Affected Versions vtiger CRM versions prior to 5.0.3

Description The issue allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization. This possibly involves the modules/Potentials/Potentials.php module.

Recommendations For versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Analytics DashBoard menu and the modules/Potentials/Potentials.php module to minimize the risk of exploitation.