Summary
This host is installed with Vtiger CRM and is prone to multiple vulnerabilities
Impact
Successful exploitation will allow remote attackers to change the password of any user or remote attackers can execute arbitrary php code.
Impact Level: System/Application
Solution
Apply Security Patch 2 for Vtiger 6.0 (issued on March 16, 2014), For patch refer to, http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.0.0/Add-ons
Insight
- No access control or restriction is enforced when the changePassword() function in 'forgotPassword.php' script is called.
- Flaw in the install module that is triggered as input passed via the 'db_name' parameter is not properly sanitized.
Affected
Vtiger CRM version 6.0.0 (including Security Patch1), 6.0 RC, 6.0 Beta.
Detection
Send a crafted HTTP GET request and check whether it responds with error message.
References
- http://osvdb.org/105641
- http://osvdb.org/105642
- http://packetstormsecurity.com/files/126067
- http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html
- http://www.exploit-db.com/exploits/32794
- https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-2268, CVE-2014-2269 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability