SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
References
Link | Resource |
---|---|
https://security-tracker.debian.org/tracker/CVE-2012-0694 | Third Party Advisory |
https://seclists.org/bugtraq/2012/Jun/165 | Mailing List Third Party Advisory |
https://www.exploit-db.com/exploits/19381 | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2019-10-29 14:15
Updated : 2019-11-01 11:32
NVD link : CVE-2012-0694
Mitre link : CVE-2012-0694
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
sugarcrm
- sugarcrm