what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

SugarCRM 12.2.0 Shell Upload
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffers from a multiple step remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2023-35808
SHA-256 | 6bee957dcfc710f3709d5cc3ba3aa33ecb6f07d987d6836c2df36e2f2011c8a8

Related Files

SugarCRM 13.0.1 Shell Upload
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.

tags | exploit, remote, shell
SHA-256 | f051a516487d8fd4a224aa9c883a0ab530f400da930805694f2f73cbeae5a487
SugarCRM 13.0.1 Server-Side Template Injection
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.

tags | exploit, arbitrary, php
SHA-256 | 482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5
SugarCRM 12.2.0 SQL Injection
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2023-35811
SHA-256 | 7ac3dd76029909e92ecbb32df56339dca3e9412efcdf8b96b27046af6d4ffb09
SugarCRM 12.2.0 PHP Object Injection
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2023-35810
SHA-256 | 32f7ef69ef5791e90290f62780a766a77c6238a01e2c71417b234a5b64db910c
SugarCRM 12.2.0 Bean Manipulation
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 suffer from a bean manipulation vulnerability that can allow for privilege escalation.

tags | exploit
advisories | CVE-2023-35809
SHA-256 | 1078818f691b65f6434800472b38689394026e833cc221fb0566161b653d1103
SugarCRM 12.x Remote Code Execution / Shell Upload
Posted Mar 10, 2023
Authored by sw33t.0day | Site metasploit.com

This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2.

tags | exploit, remote, code execution
advisories | CVE-2023-22952
SHA-256 | 8dee3580d4739894afee71ec96b13c0291c147c08c38e33083c401b41c7fc8a1
SugarCRM Shell Upload
Posted Dec 31, 2022
Authored by sw33t.0day

SugarCRM versions up to 12.2.0 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 74cace1b6e9afc52d16c5afdcecc42e3abd20dc7f1ccb5629f3f64b72179e905
SugarCRM 6.5.18 Cross Site Scripting
Posted Nov 16, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SugarCRM version 6.5.18 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 73219fed971a5ec458c75e943bcbf977c3f431496cc648b5d1fca72cb4d15889
SugarCRM 6.5.18 Cross Site Scripting
Posted Nov 16, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SugarCRM version 6.5.18 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0798563b5a3ae3ca51c0af6069c5c026f1ce326e5026603dedf29d24602a7732
SugarCRM SQL Injection
Posted Aug 12, 2020
Authored by EgiX

SugarCRM versions prior to 10.1.10 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-17373
SHA-256 | dcd6f8e1b431c4d591d3fca6cf750508720c3bcb8fd317bf29a73f62c5ce15b8
SugarCRM Cross Site Scripting
Posted Aug 12, 2020
Authored by EgiX

SugarCRM versions prior to 10.1.10 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-17372
SHA-256 | 3b4dd8343f28746f3b059b1453af1a6567db0f415690776d8a7b2d7da1d2f3d9
SugarCRM 9.0.1 Phar Deserialization
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple phar deserialization vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 711e401e10751d14106c7d0d10801ee4abc8af0fdc7d9ced190af9f40bd8b2b6
SugarCRM 9.0.1 PHP Object Injection
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple php object injection vulnerabilities.

tags | exploit, php, vulnerability
SHA-256 | 8b88a90be7bc1e1c4d2e0999a7bd3ac7433d507d003d7ab451000a265ee5a8db
SugarCRM 9.0.1 PHP Code Injection
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple PHP code injection vulnerabilities.

tags | exploit, php, vulnerability
SHA-256 | a44f4aa037e7f6f71dae59ddf084cc790b41aec26db1e5cb2276c9899d5f3f18
SugarCRM 9.0.1 Path Traversal
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple path traversal vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 3525297b98fb37dc9912e4d971124d2afa1976184ef8b457ef67fd625ff6ffff
SugarCRM 9.0.1 Broken Access Controls
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple broken access control vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 0dd2fbd4789141e84c8bccb263858c18a97a038f7954176c5e7ff6eb99106ea1
SugarCRM 9.0.1 SQL Injection
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 665f2aca10cf90f64b8d1dca58fcf3fcff93c552f7bd30b7836cdb1c6c4b2267
SugarCRM 9.0.1 Cross Site Scripting
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7d09c62859ee6df54d6c301681c3cf8c05bd10fec1feda4693b0c5f024b83971
SugarCRM Web Logic Hooks Module Path Traversal
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited to carry out path traversal attacks and e.g. create arbitrary directories. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, web, arbitrary, php
SHA-256 | f1a4888bc04dd7c2329d4b9e63f5dcf70134ff7d0aa19f7a98b29b2dbe0338e8
SugarCRM Web Logic Hooks Module PHP Code Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, web, arbitrary, php
SHA-256 | 373176d58b363fff344849e511f806e60ec800f851a6195367e4b5a93418a783
SugarCRM addLabels PHP Code Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'labels_' parameters is not properly sanitized before being used to save PHP code within the "ParserLabel::addLabels()" method when saving labels through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, arbitrary, php
SHA-256 | c7c33095fa6c3f0a02f90d6e98e9f06032661b1137f050544d06cb8446b39c1f
SugarCRM WorkFlow PHP Code Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST['base_module'] parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the 'workflow.php' file. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, arbitrary, php
SHA-256 | c37dd37284e402ffed48fdd303aebe476fab7cb38a313fcbc305fbb02e290129
SugarCRM SaveDropDown PHP Code Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'list_value' JSON parameter is not properly sanitized before being used to save PHP code when adding/saving dropdowns through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, arbitrary, php
SHA-256 | 980f9782786995d737ba7fd626d920010296ea4761e79aa483a82b1fe1b912d2
SugarCRM portal_get_related_notes SQL Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a remote SQL injection vulnerability. The vulnerability is located within the SOAP API, specifically into the "portal_get_related_notes()" SOAP function. User input passed through the "order_by" parameter is not properly sanitized before being used to construct an "ORDER BY" clause of a SQL query from within the "get_notes_in_contacts()" or "get_notes_in_module()" functions. This can be exploited by Portal API Users to e.g. read sensitive data from the database through time-based SQL injection attacks.

tags | exploit, remote, sql injection
SHA-256 | 8fd642b16f76870fd97e2aa38a1554554e8446dff1fee107a4b11985cc94644a
SugarCRM ConnectorsController Server-Side Request Forgery
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::action_CallRest()" method. User input passed through the "url" request parameter is not properly sanitized before being used in a call to the "file_get_contents" function.

tags | exploit
SHA-256 | 73aea30f776890ef273c97076bc4e307c41eba6a7c8994f2355b433e4f8daccc
Page 1 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close