I recently noticed various similar entries in my web server’s error log:
[date+time] [error] [client IP] File does not exist: /path/to/vtigercrm
The access log contained 404 entries of the form
IP - - [date+time] "GET /vtigercrm/graph.php?current_language=../../../../../../../..//etc/elastix.conf%00&module=Accounts&action HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0"
starting about March 2012 and going on until today.
The files required also include /etc/asterisk/sip_additional.conf, /etc/amportal.conf, indicating a search for free communication means.
Sometimes there is only a request probing whether the /vtigercrm directory or the /vtigercrm/index.php file exist.
The internetz know more about vtiger CRM exploits, such as this advisory describing a couple of vulnerabilities, e.g. directory traversal to retrieve the contents of a configuration file by passing the current_language parameter.
If only PHP programmers knew that their programming language is full of holes, and created code accordingly.