![]() By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. An Unrestricted File Upload vulnerability has been identified in the Notes module. ![]() Editions other than Enterprise are also affected.Īn issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Regular user privileges can be used to exploit this vulnerability. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. A Bean Manipulation vulnerability has been identified in the REST API. Admin user privileges are required to exploit this vulnerability. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. _joinPath in in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.Īn issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |