17 matches found
EUVD-2017-14325
Malware in sbrugna...
EUVD-2017-14324
Malware in sbrugna...
PT-2024-13441 · Undefined · Undefined
SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...
PT-2024-13439 · Undefined · Undefined
SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...
SageCRM Arbitrary File Upload Vulnerability
SageCRM is a customer relationship management (CRM) system. An arbitrary file upload vulnerability exists in SageCRM because the program fails to adequately validate user input. An attacker could exploit the vulnerability to upload arbitrary files to an affected computer...
SageCRM SQL Injection Vulnerability
SageCRM is a customer relationship management (CRM) system. SageCRM has a SQL injection vulnerability because the program fails to adequately filter user-supplied input; attackers can exploit it to access or modify data or to exploit potential vulnerabilities in the underlying database...
CVE-2017-5218
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...
CVE-2017-5219
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...
Input validation
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...
CVE-2017-5218
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...
SQL injection
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...
CVE-2017-5219
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...
CVE-2017-5218
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...
CVE-2017-5218
CVE-2017-5218 affects SageCRM 7.x before 7.3 SP3. The vulnerability lies in AP_DocumentUI.asp where Utilityfuncs.js assembles a SQL statement using a database variable that can be populated via the URL, enabling manipulation to access the underlying database. A proof-of-concept payload demonstrat...
CVE-2017-5219
CVE-2017-5219 affects SageCRM 7.x prior to 7.3 SP3. The Component Manager allows uploading a zip containing a valid .ecf component file, which is extracted to the inf directory outside the webroot. A crafted zip with an empty .ecf can cause arbitrary files to be extracted, including a web shell n...
CVE-2017-5219
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...
sagecrm.com XSS vulnerability
Vulnerable URL: http://www.sagecrm.com/middleeast/success-stories/listing.php?search=netizen01k%22%20autofocus%20onfocus=alert%28/OPENBUGBOUNTY/%29%20%22
Details:
Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 179022
VIP...