22 matches found
EUVD-2019-7730
Malware in sbrugna...
EUVD-2021-28611
Malicious code in bioql PyPI...
CVE-2019-17317
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user...
BIT-SUITECRM-2021-41597
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive...
SuiteCRM Cross-Site Request Forgery Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM Suitecrm team. SuiteCRM has a cross-site request forgery vulnerability in versions prior to 7.11.21, which stems from the software's lack of token validation for cross-site request forgery. If the ZIP archive file contains PHP...
CVE-2021-41597
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive...
CVE-2021-41597
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive...
Cross site request forgery (csrf)
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive...
CVE-2021-41597
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive...
CVE-2021-41597
SuiteCRM 7.11.21 and earlier are affected by a CSRF vulnerability in the UpgradeWizard feature that allows remote code execution if a ZIP archive contains PHP files. The root cause is CSRF lacking proper token validation during upgrade operations, enabling an attacker-controlled ZIP payload to tr...
SuiteCRM Cross-Site Request Forgery Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM Suitecrm team. SuiteCRM has a cross-site request forgery vulnerability in versions prior to 7.11.21, which stems from the software's lack of token validation for cross-site request forgery. If the ZIP archive file contains PHP...
PT-2022-11437 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.11.21 and earlier Description: The issue allows for remote code execution via the UpgradeWizard functionality if a PHP file is included in a ZIP archive. This is made possible by a CSRF vulnerability. Recommendations: For...
SuiteCRM 7.11.11 Phar Deserialization
----------------------------------------------------------------- SuiteCRM <= 7.11.11 Multiple Phar Deserialization Vulnerabilities ----------------------------------------------------------------- - Software Link: https://suitecrm.com/ - Affected Versions: Version 7.11.11 and prior versions. -...
SugarCRM 9.0.1 Phar Deserialization
--------------------------------------------------------------- SugarCRM <= 9.0.1 Multiple Phar Deserialization Vulnerabilities --------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Version 9.0.1 and prior versions, 8.0.3 and...
SugarCRM UpgradeWizard Module PHP Object Injection Vulnerability
SugarCRM is a set of open source customer relationship management software. A PHP object injection vulnerability exists in the UpgradeWizard module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to inject custom PHP code...
CVE-2019-17317
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user...
CVE-2019-17317
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user...
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user...
CVE-2019-17317
SugarCRM vulnerability CVE-2019-17317 affects SugarCRM before 8.0.4 and 9.x before 9.0.2, where an Admin can trigger PHP object injection via the UpgradeWizard module. The root cause is input handling in UpgradeWizard that allows object injection, enabling impact as described in affected advisori...
CVE-2019-17317
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user...