SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited to carry out path traversal attacks and e.g. create arbitrary directories. Successful exploitation of this vulnerability requires admin privileges.
0a73c52a5465fdc38ae3bede2f424098SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
bc08aaf51fef23154d37431b75e27168SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'labels_' parameters is not properly sanitized before being used to save PHP code within the "ParserLabel::addLabels()" method when saving labels through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
a185f42ec61a0417ce4c9024f155944aOracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "__externalobjid" GET parameter is not properly sanitized before being passed to the "ExternalInterface.call" method.
1878f1ac9c3a185afe84dab79f99b4feSugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST['base_module'] parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the 'workflow.php' file. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
695389da1dad0e4c2419d379b1d1e132SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'list_value' JSON parameter is not properly sanitized before being used to save PHP code when adding/saving dropdowns through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
d7144a03e522ca3b40f5f45efbaea7ddSugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a remote SQL injection vulnerability. The vulnerability is located within the SOAP API, specifically into the "portal_get_related_notes()" SOAP function. User input passed through the "order_by" parameter is not properly sanitized before being used to construct an "ORDER BY" clause of a SQL query from within the "get_notes_in_contacts()" or "get_notes_in_module()" functions. This can be exploited by Portal API Users to e.g. read sensitive data from the database through time-based SQL injection attacks.
61b9e60763ce19a37159b100d11ccf2bSugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::action_CallRest()" method. User input passed through the "url" request parameter is not properly sanitized before being used in a call to the "file_get_contents" function.
e437e1ac25dea0512229ef9d9063a774Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.
1357cfcb1f87c0ce0787fbc307d1bb01This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute arbitrary PHP code with the permissions of the webserver. The vulnerability exists because of the User::getRecentElements() method is using the unserialize() function with data that can be arbitrarily manipulated by a user through the REST API interface. The exploit's POP chain abuses the __toString() method from the Mustache class to reach a call to eval() in the Transition_PostActionSubFactory::fetchPostActions() method.
bf85aad5adfa9342783213505d464d8cTuleap versions 9.6 and below suffer from a second order PHP object injection vulnerability.
2a4b257f70f6f54a3226a84d41b3ca08PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.
d2e6428ee37fd292066c41b75c9463b4Piwik version 2.16.0 and below suffer from a saveLayout PHP object injection vulnerability.
bd3245f114f5d320f885b704e6a5d15eSymantec Web Gateway versions 5.2.2 and below suffer from an OS command injection vulnerability in new_whitelist.php.
38e30c2ae231c0c90aef4db50c02c12cThis Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.
f9879bb95d16d3382f2534b9240c7d25IPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability.
6818425f032118305ebc187f36a5a134Concrete5 versions 5.7.3.1 and below suffer from a local file inclusion vulnerability.
7aad8a3d1adf10f05ea51ee8ca0e546dConcrete5 versions 5.7.3.1 and below suffer from multiple persistent cross site scripting vulnerabilities.
d058d3ec001d3a60cfa71271ebc40d36Concrete5 versions 5.7.3.1 and below suffer from multiple cross site request forgery vulnerabilities.
a9b43ed5dadf22c5af4f6e27e76b6a2dSugarCRM versions 6.5.23 and below suffer from a PHP object injection vulnerability.
75a86f0ba47e36424e523dde32a8cfb9SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.
d4aa80fa1772da234e2d9b4d7bd5e299SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.
58722361e515edc078b6dc8a90758f93SugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.
7b4962bd34be471d7a0aac23a8f25eaaSugarCRM versions 6.5.18 CE and below suffer from a SAML authentication XML external entity vulnerability.
c28483be9e51e708f3c48952da13852eMagento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.
72ef98d834f769976ae3af136b7e032f
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed