PT-2014-4595 · Vtiger · Vtiger

Published: 2014-11-16 · Updated: 2017-11-20 · CVE-2014-2268

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: vTiger versions 6.0 before Security Patch 2

Description: The vulnerability is an improper access restriction in the views/Index.php file of the Install module. It allows remote attackers to re-run the application installer by setting the X-Requested-With HTTP header in a request; through the installer, attackers can execute arbitrary PHP code via the db name parameter.

Recommendations: For versions 6.0 before Security Patch 2, apply Security Patch 2 to resolve the issue. As a temporary workaround, restrict access to the views/Index.php file in the Install module to reduce the risk of exploitation. Avoid using the db name parameter in affected requests until the issue is resolved.
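A defender reviewing web server logs for attempts to reach the installer can flag such requests directly. The script below is an added detection example, not part of this advisory or of the Vtiger project; it assumes Vtiger routes requests as index.php?module=<Module>&view=<View> and that the module's files live under modules/Install/, and it runs over constructed Apache/nginx "combined" log lines. Because the X-Requested-With header is not recorded in a standard access log, the check keys on the request target alone: on a finished installation, any request touching the Install module deserves a look.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" log format; only client, timestamp, method, target and status are used.
LOG_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


@dataclass
class Hit:
    client: str
    ts: str
    method: str
    target: str
    status: str
    reason: str


def install_module_reason(target: str) -> Optional[str]:
    """Return why a request target touches the Install module, or None if it does not."""
    parts = urlsplit(target)
    # Assumption: Vtiger's front controller is index.php?module=<Module>&view=<View>.
    if "Install" in parse_qs(parts.query).get("module", []):
        return "module=Install in query string"
    # Assumption: module code is served from modules/<Module>/, so a direct hit on
    # modules/Install/views/Index.php bypasses the front controller entirely.
    if "/modules/Install/" in parts.path:
        return "direct access to modules/Install/"
    return None


def scan(lines: List[str]) -> List[Hit]:
    """Parse combined-format log lines and return every request aimed at the installer."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        reason = install_module_reason(m["target"])
        if reason:
            hits.append(Hit(m["client"], m["ts"], m["method"], m["target"], m["status"], reason))
    return hits


# Constructed sample log lines (not real traffic); two of the four touch the installer.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Nov/2014:10:00:01 +0000] "GET /index.php?module=Leads&view=List HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [16/Nov/2014:10:00:07 +0000] "POST /index.php?module=Install&view=Index HTTP/1.1" 200 310 "-" "python-requests/2.4"',
    '198.51.100.9 - - [16/Nov/2014:10:01:12 +0000] "GET /modules/Install/views/Index.php HTTP/1.1" 403 199 "-" "curl/7.38.0"',
    '203.0.113.5 - - [16/Nov/2014:10:01:40 +0000] "GET /index.php?module=Contacts&view=Detail&record=12 HTTP/1.1" 200 8800 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.ts} {hit.client} {hit.method} {hit.target} -> {hit.status} ({hit.reason})")
```

A 403 on such a request shows the workaround from the Recommendations is in place; a 200 on a post-installation deployment is the case to investigate.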


Related Identifiers

CVE-2014-2268

Affected Products

Vtiger