4 matches found
CVE-2024-58258
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur...
CVE-2024-58258
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur...
CVE-2024-58258
SugarCRM has a code injection flaw (CVE-2024-58258) in versions before 13.0.4 and 14.x before 14.0.1. The vulnerability arises from improper sanitization of user-supplied GET parameters in the /css/preview API, which is parsed as LESS and can be abused via @import to trigger SSRF and local file d...
CVE-2024-58258
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur...