CVE-2012-0694

Опубликовано: 29 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.

Ссылки

https://seclists.org/bugtraq/2012/Jun/165
Mailing List
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2012-0694
Third Party Advisory
https://www.exploit-db.com/exploits/19381
Exploit
Third Party Advisory
VDB Entry
https://seclists.org/bugtraq/2012/Jun/165
Mailing List
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2012-0694
Third Party Advisory
https://www.exploit-db.com/exploits/19381
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:community:*:*:*

Версия до 6.3.1 (включая)

EPSS

Процентиль: 99%

0.83749

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2012-0694

CVSS3: 9.8

debian

больше 6 лет назад

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with us ...

GHSA-4hgx-j8rf-29x9

CVSS3: 9.8

github

почти 4 года назад

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.

EPSS

Процентиль: 99%

0.83749

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20