CVE-2014-3244

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
References
Link Resource
https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294 Exploit Third Party Advisory
http://www.securityfocus.com/bid/68102 Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2014/Jun/92 Mailing List Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*

Information

Published : 2018-02-01 09:29

Updated : 2018-02-15 08:23


NVD link : CVE-2014-3244

Mitre link : CVE-2014-3244


JSON object : View

CWE
CWE-611

Improper Restriction of XML External Entity Reference

Advertisement

dedicated server usa

Products Affected

sugarcrm

  • sugarcrm