Security Advisory

CVE-2014-2268

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-11-16 01:00:00

Last updated 2024-08-06 10:06:00

Assigner mitre

State PUBLISHED

Description

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.

← Browse all CVEs View on cve.org ↗