What is CVE-2014-2268?

CVE-2014-2268 is a vulnerability in Vtiger Vtiger_crm, classified under CWE-264. Published 2014-11-16.

Is CVE-2014-2268 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vtiger Vtiger_crm

CVE-2014-2268

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonst…

EPSS: 0.773 (99.0th percentile) — read the EPSS interpretation.

Affected products

Vtiger Vtiger_crm — versions 1.0, 2.0, 2.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

rapid7/metasploit-framework

References

66757 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
[Vtigercrm-developers] 20140316 IMP: forgot password and re-installation security fix (Vendor Advisory, mailing-list, x_refsource_MLIST)
32794 (Exploit, exploit, Third Party Advisory, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2014-2268?: CVE-2014-2268 is a vulnerability in Vtiger Vtiger_crm, classified under CWE-264. Published 2014-11-16.
Is CVE-2014-2268 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.