
34 matches found

ATTACKERKB
added 2023/06/17 10:15 p.m. · 0 views

CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

8.8 CVSS · 5.6 AI score · 0.00353 EPSS
Exploits: 2 · References: 4
NVD
added 2023/06/17 10:15 p.m. · 11 views

CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

8.8 CVSS · 8.7 AI score · 0.00353 EPSS
Exploits: 2 · References: 3
Prion
added 2023/06/17 10:15 p.m. · 8 views

Unrestricted file upload

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

6.5 CVSS · 8.7 AI score · 0.00353 EPSS
Exploits: 2 · References: 3 · Affected Software: 1
Vulnrichment
added 2023/06/17 12:0 a.m. · 10 views

CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

7 AI score · 0.00353 EPSS
Exploits: 2 · References: 3
CNNVD
added 2023/06/17 12:0 a.m. · 1 views

SugarCRM Enterprise Code Issue Vulnerability

SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...

8.8 CVSS · 8.1 AI score · 0.00353 EPSS
Exploits: 2 · References: 5
CVE
added 2023/06/17 12:0 a.m. · 40 views

CVE-2023-35808

SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3 contains an Unrestricted File Upload flaw in the Notes module due to missing input validation. Crafted requests can inject and execute PHP code with regular user privileges. Affected editions include non-Enterprise as well. Technical detail...

8.8 CVSS · 8.7 AI score · 0.00353 EPSS
Exploits: 2 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/06/17 12:0 a.m. · 1 views

PT-2023-25325 · Sugarcrm · Sugarcrm Enterprise

Name of the Vulnerable Software and Affected Versions: SugarCRM Enterprise versions prior to 11.0.6 SugarCRM Enterprise versions 12.x prior to 12.0.3 Description: An Unrestricted File Upload issue has been identified in the Notes module due to missing input validation. This allows custom PHP code...

8.8 CVSS · 7.5 AI score · 0.00353 EPSS
Exploits: 2 · References: 7
Cvelist
added 2023/06/17 12:0 a.m. · 17 views

CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

9 AI score · 0.00353 EPSS
Exploits: 2 · References: 3
seebug.org
added 2018/03/29 12:0 a.m. · 85 views

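Joomla Core SQL Injection Vulnerability (CVE-2018-8045)

Author: NSFOCUS Source: CVE-2018-8045 Vulnerability overview: For details of the vulnerability, see the NSFOCUS Security Threat Weekly Report, week 12 of 2018. Joomla! Core SQL injection vulnerability: NSFOCUS ID: 39158 CVE ID: CVE-2018-8045 Affected versions: Joomla! Joomla! 3.5.0-3.8.5 Vulnerability comment: Joomla is a website content management system developed with PHP and the MySQL database. Joomla! versions 3.5.0-3.8.5 lack type casting for variables inside SQL statements, leading to an SQL injection vulnerability in the User Notes list view that allows attackers to access or modify data. The vendor has released an upgrade patch that fixes this...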

8.6 AI score · 0.24655 EPSS
Exploits: 2
NVD
added 2005/05/03 4:0 a.m. · 11 views

CVE-2005-1378

SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors...

7.5 CVSS · 8.3 AI score · 0.00883 EPSS
Exploits: 1 · References: 8
CVE
added 2005/05/02 4:0 a.m. · 41 views

CVE-2005-1378

The CVE-2005-1378 issue is a SQL injection in phpBB’s notes module (posting_notes.php) where the p parameter sets the $post_id, enabling remote execution of arbitrary SQL. Affected component: phpBB notes module; vulnerability caused by unsafely using user-supplied input in SQL queries. NVD lists ...

7.5 CVSS · 8.8 AI score · 0.00883 EPSS
Exploits: 1 · References: 8 · Affected Software: 1
Exploit DB
added 2005/04/28 12:0 a.m. · 34 views

phpBB Notes Module - SQL Injection

source: https://www.securityfocus.com/bid/13417/info The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a...

7.4 AI score
Exploits: 0
Cvelist
added 2005/02/20 5:0 a.m. · 14 views

CVE-2004-1655

Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the CMpid parameter in the comments module or (2) the subject or message fields in the notes module...

5.7 AI score · 0.02138 EPSS
Exploits: 1 · References: 8
NVD
added 2004/09/01 4:0 a.m. · 11 views

CVE-2004-1655

Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the CMpid parameter in the comments module or (2) the subject or message fields in the notes module...

4.3 CVSS · 5.7 AI score · 0.02138 EPSS
Exploits: 1 · References: 8