Описание
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 12.0.0 (включая) до 12.0.4 (исключая)Версия от 12.0.0 (включая) до 12.0.4 (исключая)Версия от 12.0.0 (включая) до 12.0.4 (исключая)
Одно из
cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:sell:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:serve:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:13.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:13.0.0:*:*:*:sell:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:13.0.0:*:*:*:serve:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:13.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:13.0.1:*:*:*:sell:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:13.0.1:*:*:*:serve:*:*:*
EPSS
Процентиль: 47%
0.00239
Низкий
8.8 High
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 8.8
github
больше 2 лет назад
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.
EPSS
Процентиль: 47%
0.00239
Низкий
8.8 High
CVSS3
Дефекты
CWE-434