XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
References
Link | Resource |
---|---|
https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294 | Exploit Third Party Advisory |
http://www.securityfocus.com/bid/68102 | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2014/Jun/92 | Mailing List Third Party Advisory |
Configurations
Information
Published : 2018-02-01 09:29
Updated : 2018-02-15 08:23
NVD link : CVE-2014-3244
Mitre link : CVE-2014-3244
JSON object : View
CWE
CWE-611
Improper Restriction of XML External Entity Reference
Products Affected
sugarcrm
- sugarcrm