Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vtiger CRM Install模块远程代码执行漏洞
Vulnerability Description
Vtiger CRM是美国Vtiger公司的一套基于SugarCRM开发的客户关系管理系统(CRM),它提供管理、收集、分析客户信息等功能。Install Module是其中的一个安装模块。 Vtiger CRM 6.0版本的Install模块中的views/Index.php脚本中存在安全漏洞,该漏洞源于程序没有正确限制访问权限。远程攻击者可通过发送包含X-Requested-With HTTP头设置的请求利用该漏洞重装应用程序。
CVSS Information
N/A
Vulnerability Type
N/A