ID de Prueba:	1.3.6.1.4.1.25623.1.0.802070
Categoría:	Web application abuses
Título:	Vtiger CRM Multiple Vulnerabilities (Apr 2014)
Resumen:	Vtiger CRM is prone to multiple vulnerabilities
Descripción:	Summary: Vtiger CRM is prone to multiple vulnerabilities Vulnerability Insight: The following flaws exist: - No access control or restriction is enforced when the changePassword() function in the 'forgotPassword.php' script is called - A flaw in the install module that is triggered as input passed via the 'db_name' parameter is not properly sanitized Vulnerability Impact: Successful exploitation will allow remote attackers to change the password of any user or remote attackers can execute arbitrary php code. Affected Software/OS: Vtiger CRM version 6.0.0 (including Security Patch1), 6.0 RC and 6.0 Beta. Solution: Apply the Security Patch 2 for Vtiger 6.0 (issued on March 16, 2014). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2268 BugTraq ID: 66757 http://www.securityfocus.com/bid/66757 http://www.exploit-db.com/exploits/32794 https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2269 BugTraq ID: 66758 http://www.securityfocus.com/bid/66758
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.