Lucene search
+L

21 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-29650

Malware in sbrugna...

9.8CVSS9AI score0.02608EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-39804

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01256EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:42 p.m.8 views

CVE-2020-8802

SuiteCRM through 7.11.11 has Incorrect Access Control via actionsaveHTMLField Bean Manipulation...

9.8CVSS7AI score0.02608EPSS
Exploits1References1
OSV
OSV
added 2024/03/06 11:10 a.m.11 views

BIT-SUITECRM-2020-8802

SuiteCRM through 7.11.11 has Incorrect Access Control via actionsaveHTMLField Bean Manipulation...

9.8CVSS9.6AI score0.02608EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2023/08/23 12:0 a.m.515 views

SugarCRM 12.2.0 Bean Manipulation

------------------------------------------------------------------------ SugarCRM = 12.2.0 updateGeocodeStatus Bean Manipulation Vulnerability ------------------------------------------------------------------------ - Software Link: https://www.sugarcrm.com - Affected Versions: Version 12.2.0 and...

8.8CVSS7.1AI score0.01256EPSS
Exploits2
NVD
NVD
added 2023/06/17 10:15 p.m.19 views

CVE-2023-35809

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

8.8CVSS8.7AI score0.01256EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2023/06/17 10:15 p.m.2 views

CVE-2023-35809

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

8.8CVSS5.6AI score0.01256EPSS
Exploits2References4
OSV
OSV
added 2023/06/17 10:15 p.m.3 views

CVE-2023-35809

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

8.8CVSS5.7AI score0.01256EPSS
Exploits2References3
Prion
Prion
added 2023/06/17 10:15 p.m.13 views

Input validation

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

6.5CVSS8.6AI score0.01256EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/17 12:0 a.m.5 views

PT-2023-25326 · Sugarcrm · Sugarcrm Enterprise

Name of the Vulnerable Software and Affected Versions: SugarCRM Enterprise versions prior to 11.0.6 SugarCRM Enterprise versions 12.x prior to 12.0.3 Description: An issue has been identified in the REST API of SugarCRM, allowing for a Bean Manipulation vulnerability. This vulnerability can be...

8.8CVSS7.4AI score0.01256EPSS
Exploits2References7
Cvelist
Cvelist
added 2023/06/17 12:0 a.m.24 views

CVE-2023-35809

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

8.8AI score0.01256EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2023/01/03 6:30 p.m.38 views

Apache Dubbo vulnerable to remote code execution via Telnet Handler

Apache Dubbo is a Java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-authorization remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic...

9.8CVSS5.6AI score0.02909EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/01/03 6:30 p.m.82 views

GHSA-FPRR-RRM8-4534 Apache Dubbo vulnerable to remote code execution via Telnet Handler

Apache Dubbo is a Java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-authorization remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic...

9.8CVSS9.8AI score0.02909EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/01/03 12:0 a.m.4 views

CVE-2021-32824 Regular expression Denial of Service in MooTools

Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods t...

9.8CVSS10AI score0.02909EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/06/26 12:0 a.m.13 views

PT-2021-19956 · Apache · Apache Dubbo

Name of the Vulnerable Software and Affected Versions: Apache Dubbo versions prior to 2.6.10 and 2.7.10 Description: Apache Dubbo is a Java-based, open-source RPC framework. The issue concerns pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main...

9.8CVSS9.8AI score0.02909EPSS
Exploits1References9
OSV
OSV
added 2020/02/13 4:15 p.m.13 views

CVE-2020-8802

SuiteCRM through 7.11.11 has Incorrect Access Control via actionsaveHTMLField Bean Manipulation...

9.8CVSS7AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/02/13 4:15 p.m.2 views

CVE-2020-8802

SuiteCRM through 7.11.11 has Incorrect Access Control via actionsaveHTMLField Bean Manipulation...

9.8CVSS5.3AI score0.02608EPSS
Exploits1References4
Prion
Prion
added 2020/02/13 4:15 p.m.13 views

Information disclosure

SuiteCRM through 7.11.11 has Incorrect Access Control via actionsaveHTMLField Bean Manipulation...

7.5CVSS9.4AI score0.02608EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/02/13 3:13 p.m.56 views

CVE-2020-8802

Summary (CVE-2020-8802) : SuiteCRM up to version 7.11.11 is affected by an Incorrect Access Control via the HomeController::action_saveHTMLField() bean manipulation, which can create or modify arbitrary beans. This enables potential second-order SQL injection or PHP object injection as described ...

9.8CVSS9.5AI score0.02608EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2020/02/13 12:0 a.m.159 views

SuiteCRM 7.11.11 Bean Manipulation

-------------------------------------------------------------------------- SuiteCRM = 7.11.11 actionsaveHTMLField Bean Manipulation Vulnerability -------------------------------------------------------------------------- - Software Link: https://suitecrm.com/ - Affected Versions: Version 7.11.11...

9.7AI score0.02608EPSS
Exploits1
Rows per page
Query Builder