CVE-2014-2268

vTiger 6.0 - RCE

Title source: llm

Description

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/32794

View Code ZIP pw:eip

metasploit WORKING POC MANUAL

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vtiger_install_rce.rb

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/32794

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/66757

[Exploit, Third Party Advisory] https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html

Scores

EPSS 0.7729

EPSS Percentile 99.0%

Details

CWE

CWE-264

Status published

Products (22)

vtiger/vtiger_crm 1.0

vtiger/vtiger_crm 2.0

vtiger/vtiger_crm 2.0.1

vtiger/vtiger_crm 2.1

vtiger/vtiger_crm 3.0 (2 CPE variants)

vtiger/vtiger_crm 3.2

vtiger/vtiger_crm 4 (3 CPE variants)

vtiger/vtiger_crm 4.0

vtiger/vtiger_crm 4.0.1

vtiger/vtiger_crm 4.2

... and 12 more

Published Nov 16, 2014

Tracked Since Feb 18, 2026