CVE-2014-2269

vtiger_crm - Unauthenticated Password Reset via ForgotPassword.php

Title source: llm
STIX 2.1

Description

modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.

References (2)

Core 2

Scores

EPSS 0.1578
EPSS Percentile 96.5%

Details

CWE
CWE-20
Status published
Products (1)
vtiger/vtiger_crm 6.0.0
Published Apr 22, 2014
Tracked Since Feb 18, 2026