← back
CVE-2014-2268

CVE-2014-2268

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 31%
from disclosure to weapon0 days
Published on NVDNov 16
1st PoCApr 10
metasploitMar 5
exploitation probability
31%top 2% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.