Test ID: 1.3.6.1.4.1.25623.1.0.802070

Category: Web application abuses

Title: Vtiger CRM Multiple Vulnerabilities (Apr 2014)

Summary: Vtiger CRM is prone to multiple vulnerabilities.

Description:

  Vulnerability Insight: The following flaws exist:
  - No access control or restriction is enforced when the changePassword() function in the 'forgotPassword.php' script is called.
  - A flaw in the install module that is triggered because input passed via the 'db_name' parameter is not properly sanitized.

  Vulnerability Impact: Successful exploitation will allow remote attackers to change the password of any user, or to execute arbitrary PHP code.

  Affected Software/OS: Vtiger CRM version 6.0.0 (including Security Patch 1), 6.0 RC and 6.0 Beta.

  Solution: Apply Security Patch 2 for Vtiger 6.0 (issued on March 16, 2014).

  CVSS Score: 6.4
  CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross-Ref:

  Common Vulnerability Exposure (CVE) ID: CVE-2014-2268
  BugTraq ID: 66757
  http://www.securityfocus.com/bid/66757
  http://www.exploit-db.com/exploits/32794
  https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html
  http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html

  Common Vulnerability Exposure (CVE) ID: CVE-2014-2269
  BugTraq ID: 66758
  http://www.securityfocus.com/bid/66758

Copyright: Copyright (C) 2014 Greenbone AG