1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: vtiger CRM CVE-2014-2268

Web Attack: vtiger CRM CVE-2014-2268

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts of leveraging a remote code execution vulnerability in vtiger CRM which could lead to arbitrary code execution.

Additional Information

vtiger CRM is a PHP-based customer relationship management application.

The application is prone to a remote code-execution vulnerability because it fails to sanitize Ajax request submitted to the 'Index.php' script.

Exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application.

Affected

  • vtiger CRM 6.0 is vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube