
6 matches found

NVD
added 2014/11/16 1:59 a.m., 15 views

CVE-2014-2268

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the dbname...

CVSS 5, AI score 6.8, EPSS 0.31212
Exploits 9, References 4
CVE
added 2014/11/16 1:0 a.m., 78 views

CVE-2014-2268

CVE-2014-2268 affects vtiger CRM 6.0 Install module prior to Security Patch 2, where access restrictions are insufficient and a crafted request (including X-Requested-With) can re-install the app and execute arbitrary PHP via the db_name parameter. Public indicators of exploitation exist (e.g., M...

CVSS 5, AI score 6.9, EPSS 0.31212
Exploits 9, References 4, Affected Software 1
Exploit DB
added 2014/04/10 12:0 a.m., 47 views

Vtiger - 'Install' Remote Command Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Vtiger Install Unauthenticated Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...

AI score 7.4
Exploits 0
Circl
added 2014/04/10 12:0 a.m., 10 views

CVE-2014-2268

creationtimestamp | type | source
---|---|---
2014-04-10 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/32794
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vtigerinstallrce.rb
2025-02-06 03:13:41+00:00 | seen | ...

CVSS 5, AI score 5.7, EPSS 0.31212
Exploits 9, References 2
0day.today
added 2014/04/09 12:0 a.m., 31 views

Vtiger Install Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits an arbitrary command execution vulnerability in the Vtiger install script. This Metasploit module is set to ManualRanking due to this module overwriting the target database configuration, which may result in a broken web app, and you may not be able to get a sessio...

CVSS 5, AI score 0.7, EPSS 0.31212
Exploits 10
Metasploit
added 2014/04/04 8:16 a.m., 33 views

Vtiger Install Unauthenticated Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the Vtiger install script. This module is set to ManualRanking due to this module overwriting the target database configuration, which may result in a broken web app, and you may not be able to get a session again. This module...

CVSS 6.4, AI score 0.8, EPSS 0.31212
Exploits 10