SugarCRM 6.5.18 Missing Authorization

2016-06-24T00:00:00
ID PACKETSTORM:137635
Type packetstorm
Reporter EgiX
Modified 2016-06-24T00:00:00

Description

                                        
                                            `--------------------------------------------------------------  
SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities  
--------------------------------------------------------------  
  
  
[-] Software Link:  
  
http://www.sugarcrm.com/  
  
  
[-] Affected Versions:  
  
Version 6.5.18 CE and prior versions.  
  
  
[-] Vulnerabilities Description:  
  
The application fails to properly check whether the user has administrator privileges within the following scripts:  
  
1) /modules/Administration/ImportCustomFieldStructure.php  
2) /modules/Administration/UpgradeWizard_commit.php  
3) /modules/Connectors/controller.php ("RunTest" action)  
  
This can be exploited by authenticated users to access certain otherwise restricted administrative features  
or exploit further vulnerabilities within the affected scripts (e.g. a SQL injection vulnerability located  
within the ImportCustomFieldStructure.php file).  
  
  
[-] Solution:  
  
Update to version 6.5.19 CE or higher.  
  
  
[-] Disclosure Timeline:  
  
[22/10/2014] - Vendor notified  
[15/12/2014] - Version 6.5.19 CE released: http://bit.do/sugar6519  
[29/04/2015] - CVE number requested  
[23/06/2016] - Public disclosure  
  
  
[-] CVE Reference:  
  
The Common Vulnerabilities and Exposures project (cve.mitre.org)  
has not assigned a CVE identifier for these vulnerabilities.  
  
  
[-] Credits:  
  
Vulnerabilities discovered by Egidio Romano.  
  
  
[-] Original Advisory:  
  
http://karmainsecurity.com/KIS-2016-04  
  
  
  
`