CVE-2014-2268

Affected configuration(s):

cpe:/a:vtiger:vtiger_crm:1.0
cpe:/a:vtiger:vtiger_crm:2.0
cpe:/a:vtiger:vtiger_crm:2.0.1
cpe:/a:vtiger:vtiger_crm:2.1
cpe:/a:vtiger:vtiger_crm:3.0
cpe:/a:vtiger:vtiger_crm:3.0:beta
cpe:/a:vtiger:vtiger_crm:3.2
cpe:/a:vtiger:vtiger_crm:4
cpe:/a:vtiger:vtiger_crm:4:beta
cpe:/a:vtiger:vtiger_crm:4:rc1
cpe:/a:vtiger:vtiger_crm:4.0
cpe:/a:vtiger:vtiger_crm:4.0.1
cpe:/a:vtiger:vtiger_crm:4.2
cpe:/a:vtiger:vtiger_crm:4.2.4
cpe:/a:vtiger:vtiger_crm:5.0.0
cpe:/a:vtiger:vtiger_crm:5.0.1
cpe:/a:vtiger:vtiger_crm:5.0.2
cpe:/a:vtiger:vtiger_crm:5.0.3
cpe:/a:vtiger:vtiger_crm:5.0.4
cpe:/a:vtiger:vtiger_crm:5.0.4:rc
cpe:/a:vtiger:vtiger_crm:5.1.0
cpe:/a:vtiger:vtiger_crm:5.1.0:rc
cpe:/a:vtiger:vtiger_crm:5.2.0
cpe:/a:vtiger:vtiger_crm:5.2.1
cpe:/a:vtiger:vtiger_crm:5.3.0
cpe:/a:vtiger:vtiger_crm:5.4.0
cpe:/a:vtiger:vtiger_crm:6.0.0
cpe:/a:vtiger:vtiger_crm:6.0.0:beta
cpe:/a:vtiger:vtiger_crm:6.0.0:rc
cpe:/a:vtiger:vtiger_crm:6.0.0:sp1

Date published: 2014-11-15T20:59:00.130-05:00

Date last modified: 2017-11-20T13:27:19.483-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html

Summary: views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
