Arbitrary User Password Reset Vulnerability in vTiger 6.0
CVE-2014-2269 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:P
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.
Learn more about our User Device Pen Test.