Summary
This host is installed with Vtiger CRM and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to change the password of any user or to execute arbitrary PHP code.
Impact Level: System/Application
Solution
Apply Security Patch 2 for Vtiger 6.0 (issued on March 16, 2014). The patch is available at http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.0.0/Add-ons
Insight
- No access control or restriction is enforced when the changePassword() function in the 'forgotPassword.php' script is called.
- A flaw in the install module is triggered because input passed via the 'db_name' parameter is not properly sanitized.
Affected
Vtiger CRM version 6.0.0 (including Security Patch 1), 6.0 RC, 6.0 Beta.
Detection
Send a crafted HTTP GET request and check whether the response contains an error message.
References
- http://osvdb.org/105641
- http://osvdb.org/105642
- http://packetstormsecurity.com/files/126067
- http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html
- http://www.exploit-db.com/exploits/32794
- https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-2268, CVE-2014-2269
CVSS Base Score: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P