18 matches found
EUVD-2017-14325
Malware in sbrugna...
EUVD-2017-14324
Malware in sbrugna...
PT-2024-13439 · Undefined · Undefined
SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...
PT-2024-13441 · Undefined · Undefined
SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...
A vulnerability in the component dispatcher of the SageCRM customer relationship management system allows an attacker to escalate their privileges and affect the confidentiality, integrity, and availability of data.
A vulnerability in the component dispatcher of the SageCRM customer relationship management system is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a malicious actor to escalate their privileges and compromise the confidentiality, integrity, and...
SageCRM SQL Injection Vulnerability
SageCRM is a customer relationship management (CRM) system. SageCRM suffers from a SQL injection vulnerability, which attackers can exploit to access or modify data or to exploit potential vulnerabilities in the underlying database, because the program fails to adequately filter user-supplied input...
SageCRM Arbitrary File Upload Vulnerability
SageCRM is a customer relationship management (CRM) system. An arbitrary file upload vulnerability exists in SageCRM because the program fails to adequately validate user input. An attacker could exploit the vulnerability to upload arbitrary files to an affected computer...
CVE-2017-5218
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...
CVE-2017-5219
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...
SQL injection
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...
Input validation
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...
CVE-2017-5219
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...
CVE-2017-5218
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...
CVE-2017-5219
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...
CVE-2017-5219
CVE-2017-5219 affects SageCRM 7.x prior to 7.3 SP3. The Component Manager allows uploading a zip containing a valid .ecf component file, which is extracted to the inf directory outside the webroot. A crafted zip with an empty .ecf can cause arbitrary files to be extracted, including a web shell n...
CVE-2017-5218
CVE-2017-5218 affects SageCRM 7.x before 7.3 SP3. The vulnerability lies in AP_DocumentUI.asp where Utilityfuncs.js assembles a SQL statement using a database variable that can be populated via the URL, enabling manipulation to access the underlying database. A proof-of-concept payload demonstrat...
CVE-2017-5218
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...
sagecrm.com XSS vulnerability
Vulnerable URL: http://www.sagecrm.com/middleeast/success-stories/listing.php?search=netizen01k%22%20autofocus%20onfocus=alert%28/OPENBUGBOUNTY/%29%20%22 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 179022 VIP...