CVE-2017-5219
CVE-2017-5219 affects SageCRM 7.x prior to 7.3 SP3. The Component Manager allows uploading a zip containing a valid .ecf component file, which is extracted to the inf directory outside the webroot. A crafted zip with an empty .ecf can cause arbitrary files to be extracted, including a web shell n...