6 matches found
CVE-2014-2268
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name...
CVE-2014-2268
CVE-2014-2268 affects vtiger CRM 6.0 Install module prior to Security Patch 2, where access restrictions are insufficient and a crafted request (including X-Requested-With) can re-install the app and execute arbitrary PHP via the db_name parameter. Public indicators of exploitation exist (e.g., M...
Vtiger - 'Install' Remote Command Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Vtiger Install Unauthenticated Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...
CVE-2014-2268
creationtimestamp | type | source
---|---|---
2014-04-10 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/32794
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vtigerinstallrce.rb
2025-02-06 03:13:41+00:00 | seen | ...
Vtiger Install Unauthenticated Remote Command Execution Exploit
This Metasploit module exploits an arbitrary command execution vulnerability in the Vtiger install script. This Metasploit module is set to ManualRanking due to this module overwriting the target database configuration, which may result in a broken web app, and you may not be able to get a sessio...
Vtiger Install Unauthenticated Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the Vtiger install script. This module is set to ManualRanking due to this module overwriting the target database configuration, which may result in a broken web app, and you may not be able to get a session again. This module...