QwikSec

Security Database

CVE

CWE

Training

CVE-2007-6222

Published: Dec 4, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOTE: some of these details are obtained from third party information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

http://sourceforge.net/project/shownotes.php?release_id=558602&group_id=61096

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

crmctt-checkcustomeraccess-security-bypass(38808)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.