vBulletin versions 5.5.4 and below suffers from an updateAvatar remote code execution vulnerability.
b1df69e722fa4cad5f1ccc76b0fc3406b89ae033513d809855bd2220ee861825vBulletin versions 5.5.4 and below suffer from multiple remote SQL injection vulnerabilities.
742a27bb143fc517db0186097206a40eff166313f5c0f0b58106301ddbc20309SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited to carry out path traversal attacks and e.g. create arbitrary directories. Successful exploitation of this vulnerability requires admin privileges.
f1a4888bc04dd7c2329d4b9e63f5dcf70134ff7d0aa19f7a98b29b2dbe0338e8SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
373176d58b363fff344849e511f806e60ec800f851a6195367e4b5a93418a783SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'labels_' parameters is not properly sanitized before being used to save PHP code within the "ParserLabel::addLabels()" method when saving labels through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
c7c33095fa6c3f0a02f90d6e98e9f06032661b1137f050544d06cb8446b39c1fOracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "__externalobjid" GET parameter is not properly sanitized before being passed to the "ExternalInterface.call" method.
fb135bb3e65032ece683796f6d00e171ccf703a496743031b7e8f5ac177dc40cSugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST['base_module'] parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the 'workflow.php' file. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
c37dd37284e402ffed48fdd303aebe476fab7cb38a313fcbc305fbb02e290129SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'list_value' JSON parameter is not properly sanitized before being used to save PHP code when adding/saving dropdowns through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
980f9782786995d737ba7fd626d920010296ea4761e79aa483a82b1fe1b912d2SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a remote SQL injection vulnerability. The vulnerability is located within the SOAP API, specifically into the "portal_get_related_notes()" SOAP function. User input passed through the "order_by" parameter is not properly sanitized before being used to construct an "ORDER BY" clause of a SQL query from within the "get_notes_in_contacts()" or "get_notes_in_module()" functions. This can be exploited by Portal API Users to e.g. read sensitive data from the database through time-based SQL injection attacks.
8fd642b16f76870fd97e2aa38a1554554e8446dff1fee107a4b11985cc94644aSugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::action_CallRest()" method. User input passed through the "url" request parameter is not properly sanitized before being used in a call to the "file_get_contents" function.
73aea30f776890ef273c97076bc4e307c41eba6a7c8994f2355b433e4f8dacccMantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.
bf6d1e2f1321eacf2214a3400a3201acd1c33bb08ba4cb9b45cfa3ee93eefbebThis Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute arbitrary PHP code with the permissions of the webserver. The vulnerability exists because of the User::getRecentElements() method is using the unserialize() function with data that can be arbitrarily manipulated by a user through the REST API interface. The exploit's POP chain abuses the __toString() method from the Mustache class to reach a call to eval() in the Transition_PostActionSubFactory::fetchPostActions() method.
b7ed3767d2e556f3c32b4d333b7a61ed02e66ba71ca064fedea6edb456ce4664Tuleap versions 9.6 and below suffer from a second order PHP object injection vulnerability.
614615fd533a9914f7dae0fc5c046315ec0b6c9faa00541179463892e627fd24PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.
a877061f0b6d62d2472442db37c2d5befc021bed71668051a5dc42fa2dc94d4ePiwik version 2.16.0 and below suffer from a saveLayout PHP object injection vulnerability.
dcdc3544bfe63cc9a6b25f372b4bc6e23956e5ffd828ff6d48ff75fb585630b0Symantec Web Gateway versions 5.2.2 and below suffer from an OS command injection vulnerability in new_whitelist.php.
cdd7d3fa2ce47af05afd30d9d1babc8da234a3d22e201c7e7cdf0cff0bfcaed3This Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.
9e36d98fcf465cbf54f3819f007d52be4777e317af00ae46dda8f382c44d0c0cIPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability.
07d34c8cc41959e3fc58495e9c36c8046479cb6ce919a0514491dabfe2561b46Concrete5 versions 5.7.3.1 and below suffer from a local file inclusion vulnerability.
616ea7b3f7f6993c3c30d60eb69b780ea3e5f8f3d92361e6075cb57b7e9dbbdbConcrete5 versions 5.7.3.1 and below suffer from multiple persistent cross site scripting vulnerabilities.
9b6d1d19af3879b7eef3ddc8135c623b1cdf6ce2e8e040cf285212c36278ddf2Concrete5 versions 5.7.3.1 and below suffer from multiple cross site request forgery vulnerabilities.
baf7f093a6b164bb4963ba1136f5cebe78f38d52676c96cbadced44aa534cacdSugarCRM versions 6.5.23 and below suffer from a PHP object injection vulnerability.
1a98da7144e660a3accb44aab022cd43453f7c51263930ef13a00ccd4a03cb51SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.
b5ea2947c8c691e63cd8b15a2ad9c1ce3e6371ed8f9cad785fad1655ff9e56d0SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.
dd7c80c6120e1805c1954e5087e5f215c67a081881bc8f20fcaa86bfed40b75eSugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.
b0d6c09a780b84f51c2d8a829a8cad6ddf0b80bf8cd8641bb49a73cc3e3ff170
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed