SugarCRM versions 6.5.16 and below suffer from an XML external entity attack vulnerability.
75ac9dbf751b5a7e72f7c1007cb231586a2d7bdca087f2e5353448d2f0bdd326
Product:SugarCRM
Description:SugarCRM enables businesses to create extraordinary customer relationships with the most innovative and affordable CRM solution in the market.
Version affected:v6.5.16 and less
Type:XML External Entity Attack
Consequence:Arbitrary Local File Read&Potential RCE
Vulnerability Details:http://www.pnigos.com/?p=294Fix Released:This bug has fixed in v6.5.17
Bug was found by pnig0s @ FreeBuf.Com
==================================================
Best Regards,pnig0s