ID CVE-2017-14510 Type cve Reporter cve@mitre.org Modified 2017-12-30T02:29:00
Description
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along.
{"freebsd": [{"lastseen": "2019-05-29T18:32:10", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14509", "CVE-2017-14508", "CVE-2017-14510"], "description": "\nsugarcrm developers report:\n\nAn issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.\nAn issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a query string. Proper input validation has been added to mitigate this issue.\nAn issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along.\n\n", "edition": 5, "modified": "2017-09-17T00:00:00", "published": "2017-09-17T00:00:00", "id": "3B776502-F601-44E0-87CD-B63F1B9AE42A", "href": "https://vuxml.freebsd.org/freebsd/3b776502-f601-44e0-87cd-b63f1b9ae42a.html", "title": "sugarcrm -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14509", "CVE-2017-14508", "CVE-2017-14510"], "description": "SugarCRM is prone to multiple vulnerabilities.", "modified": "2018-10-26T00:00:00", "published": "2017-09-26T00:00:00", "id": "OPENVAS:1361412562310140402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140402", "type": "openvas", "title": "SugarCRM Multiple Vulnerabilities (September 2017)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sugarcrm_mult_vuln_sep17.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# SugarCRM Multiple Vulnerabilities (September 2017)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:sugarcrm:sugarcrm\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140402\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-26 13:58:02 +0700 (Tue, 26 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-14508\", \"CVE-2017-14509\", \"CVE-2017-14510\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"SugarCRM Multiple Vulnerabilities (September 2017)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_sugarcrm_detect.nasl\");\n script_mandatory_keys(\"sugarcrm/installed\");\n\n script_tag(name:\"summary\", value:\"SugarCRM is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"SugarCRM is prone to multiple vulnerabilities:\n\n - Authenticated users may cause arbitrary SQL to be executed. (CVE-2017-14508)\n\n - Authenticated users may access system files. (CVE-2017-14509)\n\n - Unauthenticated users may cause arbitrary code to be executed. (CVE-2017-14510)\");\n\n script_tag(name:\"affected\", value:\"SugarCRM version 7.7, 7.8 and 7.9.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.7.2.3, 7.8.2.2, 7.9.2.0 or later.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-006/\");\n script_xref(name:\"URL\", value:\"https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-007/\");\n script_xref(name:\"URL\", value:\"https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-008/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version =~ \"^7\\.7\\.\") {\n if (version_is_less(version: version, test_version: \"7.7.2.3\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.7.2.3\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^7\\.8\\.\") {\n if (version_is_less(version: version, test_version: \"7.8.2.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.8.2.2\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^7\\.9\\.\") {\n if (version_is_less(version: version, test_version: \"7.9.2.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.9.2.0\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T10:49:10", "description": "sugarcrm developers report :\n\nAn issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before\n7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition\n6.5.26). Several areas have been identified in the Documents and\nEmails module that could allow an authenticated user to perform SQL\ninjection, as demonstrated by a backslash character at the end of a\nbean_id to modules/Emails/DetailView.php. An attacker could exploit\nthese vulnerabilities by sending a crafted SQL request to the affected\nareas. An exploit could allow the attacker to modify the SQL database.\nProper SQL escaping has been added to prevent such exploits.\n\nAn issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before\n7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition\n6.5.26). A remote file inclusion has been identified in the Connectors\nmodule allowing authenticated users to include remotely accessible\nsystem files via a query string. Proper input validation has been\nadded to mitigate this issue.\n\nAn issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before\n7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition\n6.5.26). The WebToLeadCapture functionality is found vulnerable to\nunauthenticated cross-site scripting (XSS) attacks. This attack vector\nis mitigated by proper validating the redirect URL values being passed\nalong.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-27T00:00:00", "title": "FreeBSD : sugarcrm -- multiple vulnerabilities (3b776502-f601-44e0-87cd-b63f1b9ae42a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14509", "CVE-2017-14508", "CVE-2017-14510"], "modified": "2017-09-27T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:sugarcrm"], "id": "FREEBSD_PKG_3B776502F60144E087CDB63F1B9AE42A.NASL", "href": "https://www.tenable.com/plugins/nessus/103475", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103475);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-14508\", \"CVE-2017-14509\", \"CVE-2017-14510\");\n\n script_name(english:\"FreeBSD : sugarcrm -- multiple vulnerabilities (3b776502-f601-44e0-87cd-b63f1b9ae42a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"sugarcrm developers report :\n\nAn issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before\n7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition\n6.5.26). Several areas have been identified in the Documents and\nEmails module that could allow an authenticated user to perform SQL\ninjection, as demonstrated by a backslash character at the end of a\nbean_id to modules/Emails/DetailView.php. An attacker could exploit\nthese vulnerabilities by sending a crafted SQL request to the affected\nareas. An exploit could allow the attacker to modify the SQL database.\nProper SQL escaping has been added to prevent such exploits.\n\nAn issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before\n7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition\n6.5.26). A remote file inclusion has been identified in the Connectors\nmodule allowing authenticated users to include remotely accessible\nsystem files via a query string. Proper input validation has been\nadded to mitigate this issue.\n\nAn issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before\n7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition\n6.5.26). The WebToLeadCapture functionality is found vulnerable to\nunauthenticated cross-site scripting (XSS) attacks. This attack vector\nis mitigated by proper validating the redirect URL values being passed\nalong.\"\n );\n # https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6737bac2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-006/\"\n );\n # https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6737bac2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-007/\"\n );\n # https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6737bac2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-008/\"\n );\n # https://vuxml.freebsd.org/freebsd/3b776502-f601-44e0-87cd-b63f1b9ae42a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cff4001\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:sugarcrm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"sugarcrm<=6.5.26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}
