Description

install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter.

Remediation

References

CVE-2014-7986

Related Vulnerabilities

WordPress Plugin WooCommerce Checkout For Digital Goods Cross-Site Request Forgery (2.2)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.17)

WordPress Plugin easyping-website subscriptions done right PHP Object Injection (0.0.1)

WordPress Plugin WP eCommerce Cross-Site Scripting (3.9.2)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Unspecified Vulnerability (1.2.41)

Severity

Medium

Classification

CVE-2014-7986 CWE-264

Tags

Missing Update Known Vulnerabilities