SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.
30243acc735a0a74cd60961a8b809988SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.
e563a245d3450a08dc89409be7d351e6SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.
5b37a8d65609f140a2d503b2ba0f5aeaSuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.
40555272df9e2fe2b9399bbc7bb54c0aSuiteCRM versions 7.11.11 and below suffer from a second-order php object injection vulnerability.
ea4d3494a5be75e5e45932ce2189d4c2SugarCRM versions 9.0.1 and below suffer from multiple reflective cross site scripting vulnerabilities.
a36ef60c0e8d40f91c64cce4c99d669avBulletin versions 5.5.4 and below suffers from an updateAvatar remote code execution vulnerability.
2bd3e76b0d1ad20fdb921832d6d49f29vBulletin versions 5.5.4 and below suffer from multiple remote SQL injection vulnerabilities.
cd33cc4dfeb49e4f86dc27d6697a4e0aSuiteCRM version 7.10.7 suffers from multple remote SQL injection vulnerabilities.
f8182351b50a8cc9ef61797ff4e4abf0SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited to carry out path traversal attacks and e.g. create arbitrary directories. Successful exploitation of this vulnerability requires admin privileges.
0a73c52a5465fdc38ae3bede2f424098SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
bc08aaf51fef23154d37431b75e27168SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'labels_' parameters is not properly sanitized before being used to save PHP code within the "ParserLabel::addLabels()" method when saving labels through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
a185f42ec61a0417ce4c9024f155944aOracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "__externalobjid" GET parameter is not properly sanitized before being passed to the "ExternalInterface.call" method.
1878f1ac9c3a185afe84dab79f99b4feSugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST['base_module'] parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the 'workflow.php' file. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
695389da1dad0e4c2419d379b1d1e132SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'list_value' JSON parameter is not properly sanitized before being used to save PHP code when adding/saving dropdowns through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
d7144a03e522ca3b40f5f45efbaea7ddSugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a remote SQL injection vulnerability. The vulnerability is located within the SOAP API, specifically into the "portal_get_related_notes()" SOAP function. User input passed through the "order_by" parameter is not properly sanitized before being used to construct an "ORDER BY" clause of a SQL query from within the "get_notes_in_contacts()" or "get_notes_in_module()" functions. This can be exploited by Portal API Users to e.g. read sensitive data from the database through time-based SQL injection attacks.
61b9e60763ce19a37159b100d11ccf2bSugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::action_CallRest()" method. User input passed through the "url" request parameter is not properly sanitized before being used in a call to the "file_get_contents" function.
e437e1ac25dea0512229ef9d9063a774The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imap_open to execute arbitrary commands. While many custom applications may use imap_open, this exploit works against the following applications: e107 v2, prestashop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use. Prestashop exploitation requires the admin URI, and administrator credentials. suiteCRM/e107/hostcms require administrator credentials.
d4da49f1f3382fe81325e51853a7fcc3Kisisel Portfolyo Scripti version 4.031 suffers from a remote SQL injection vulnerability.
fe8c94f1b8ad1c684268cdad28cce66fTuleap versions 9.6 and below suffer from a second order PHP object injection vulnerability.
2a4b257f70f6f54a3226a84d41b3ca08PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.
d2e6428ee37fd292066c41b75c9463b4Piwik version 2.16.0 and below suffer from a saveLayout PHP object injection vulnerability.
bd3245f114f5d320f885b704e6a5d15eSymantec Web Gateway versions 5.2.2 and below suffer from an OS command injection vulnerability in new_whitelist.php.
38e30c2ae231c0c90aef4db50c02c12cIPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability.
6818425f032118305ebc187f36a5a134Concrete5 versions 5.7.3.1 and below suffer from a local file inclusion vulnerability.
7aad8a3d1adf10f05ea51ee8ca0e546dConcrete5 versions 5.7.3.1 and below suffer from multiple persistent cross site scripting vulnerabilities.
d058d3ec001d3a60cfa71271ebc40d36
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed