Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SugarCRM Community Edition RSS模块信息泄露漏洞

🗓️ 30 Apr 2008 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 53 Views

SugarCRM Community Edition RSS模块信息泄露漏

Code

                                                如果通过认证的攻击者在RSS URL字段中输入了etc/passwd值,应用程序就会生成包含有文件路径字符串的MD5哈希,etc/passwd值哈希为5068b7c2b1707f8939b283a2758a691,然后将这个MD5哈希用作了/etc/passwd文件内容的文件名,这样就可以在http://sugarwebsiteaddress/cache/feeds/c5068b7c2b1707f8939b283a2758a691 公开查看/etc/passwd文件。

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Apr 2008 00:00Current
6.9Medium risk
Vulners AI Score6.9
sugarcrmcommunity editionrss moduleinformation leakagevulnerabilitycache directoryremote attackpatchupgradedownload linkexploit
53