5
CVE-2014-2268
- EPSS 77.29%
- Veröffentlicht 16.11.2014 01:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginviews/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vtiger ≫ Vtiger Crm Version1.0
Vtiger ≫ Vtiger Crm Version2.0
Vtiger ≫ Vtiger Crm Version2.0.1
Vtiger ≫ Vtiger Crm Version2.1
Vtiger ≫ Vtiger Crm Version3.0
Vtiger ≫ Vtiger Crm Version3.0 Updatebeta
Vtiger ≫ Vtiger Crm Version3.2
Vtiger ≫ Vtiger Crm Version4
Vtiger ≫ Vtiger Crm Version4 Updatebeta
Vtiger ≫ Vtiger Crm Version4 Updaterc1
Vtiger ≫ Vtiger Crm Version4.0
Vtiger ≫ Vtiger Crm Version4.0.1
Vtiger ≫ Vtiger Crm Version4.2
Vtiger ≫ Vtiger Crm Version4.2.4
Vtiger ≫ Vtiger Crm Version5.0.0
Vtiger ≫ Vtiger Crm Version5.0.1
Vtiger ≫ Vtiger Crm Version5.0.2
Vtiger ≫ Vtiger Crm Version5.0.3
Vtiger ≫ Vtiger Crm Version5.0.4
Vtiger ≫ Vtiger Crm Version5.0.4 Updaterc
Vtiger ≫ Vtiger Crm Version5.1.0
Vtiger ≫ Vtiger Crm Version5.1.0 Updaterc
Vtiger ≫ Vtiger Crm Version5.2.0
Vtiger ≫ Vtiger Crm Version5.2.1
Vtiger ≫ Vtiger Crm Version5.3.0
Vtiger ≫ Vtiger Crm Version5.4.0
Vtiger ≫ Vtiger Crm Version6.0.0
Vtiger ≫ Vtiger Crm Version6.0.0 Updatebeta
Vtiger ≫ Vtiger Crm Version6.0.0 Updaterc
Vtiger ≫ Vtiger Crm Version6.0.0 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 77.29% | 0.989 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|