Описание
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| sugarcrm-ce-5.0 | itp | package |
Примечания
http://seclists.org/bugtraq/2012/Jun/165
EPSS
Процентиль: 99%
0.83749
Высокий
Связанные уязвимости
CVSS3: 9.8
nvd
больше 6 лет назад
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS3: 9.8
github
почти 4 года назад
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
EPSS
Процентиль: 99%
0.83749
Высокий