35 matches found
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user...
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...
CVE-2019-17301
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user...
CVE-2019-17301
CVE-2019-17301 affects SugarCRM before 8.0.4 and 9.x before 9.0.2, allowing a PHP code injection in the ModuleBuilder module by an Admin user. The issue originates from inadequate input handling in ModuleBuilder, as described in multiple sources. CVSS indicates moderate to high impact: CVSS v3.1 ...
CVE-2019-17302
Summary: CVE-2019-17302 affects SugarCRM, specifically the ModuleBuilder module. Compared with several connected sources, the vulnerability enables PHP code injection by a Developer user in SugarCRM versions listed as vulnerable: before 8.0.4 and before 9.0.2 (i.e., 8.0.0–8.0.3 and 9.x prior to 9...
CVE-2019-17302
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...
ModuleBuilder 1.0 - (file) Remote File Disclosure Vulnerability
No description provided by source. ModuleBuilder V1.0 file Remote File Disclosure Vulnerability http://www.sugarforge.org/frs/download.php/1274/installModuleBuilderV1.0.zip /modules/Builder/DownloadModule.php?file=../../../../../../../../etc/passwd%00 milw0rm.com 2007-10-31...
CVE-2007-5812
Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...
Directory traversal
Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...
CVE-2007-5812
Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...
CVE-2007-5812
CVE-2007-5812 affects Module Builder 1.0 within SugarCRM, where the PHP script modules/Builder/DownloadModule.php fails to validate the file parameter before using it to read and disclose file contents. This directory traversal vulnerability allows remote attackers to read arbitrary files on the ...
ModuleBuilder V1.0 (file) Remote File Disclosure Vulnerability
No description provided by source. ModuleBuilder V1.0 file Remote File Disclosure Vulnerability http://www.sugarforge.org/frs/download.php/1274/installModuleBuilderV1.0.zip /modules/Builder/DownloadModule.php?file=../../../../../../../../etc/passwd%00 sebug.net...
ModuleBuilder 1.0 - file Remote File Disclosure
ModuleBuilder 1.0 - file Remote File Disclosure ModuleBuilder V1.0 file Remote File Disclosure Vulnerability http://www.sugarforge.org/frs/download.php/1274/installModuleBuilderV1.0.zip /modules/Builder/DownloadModule.php?file=../../../../../../../../etc/passwd%00 milw0rm.com 2007-10-31...
ModuleBuilder V1.0 (file) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications ============================================================== ModuleBuilder V1.0 file Remote File Disclosure Vulnerability ============================================================== ModuleBuilder V1.0 file Remote File Disclosure...
ModuleBuilder 1.0 - 'file' Remote File Disclosure
ModuleBuilder V1.0 file Remote File Disclosure Vulnerability http://www.sugarforge.org/frs/download.php/1274/installModuleBuilderV1.0.zip /modules/Builder/DownloadModule.php?file=../../../../../../../../etc/passwd%00 milw0rm.com 2007-10-31...