CVE-2007-6222

Name of the Vulnerable Software and Affected Versions CRM-CTT Interleave versions prior to 4.2.0

Description The issue concerns the CheckCustomerAccess function in functions.php, which fails to properly verify user privileges. This allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings.

Recommendations For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the CheckCustomerAccess function or limiting the privileges of users with the LIMITTOCUSTOMERS privilege until a patch is applied.