CyberSec.Space Logo
Back to CVE Browser

CVE-2014-3244

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1040%
EPSS Percentile40.14th
PublishedFeb 1, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Affected Platforms (CPE)

πŸ“¦
Sugarcrm

Sugarcrm

< 6.5.16

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2014/Jun/92
πŸ”— http://www.securityfocus.com/bid/68102
πŸ”— https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294
πŸ”— http://seclists.org/fulldisclosure/2014/Jun/92
πŸ”— http://www.securityfocus.com/bid/68102
πŸ”— https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294

Related Vulnerabilities

CVE-2004-122510.0

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and ga...

CVE-2004-122710.0

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and p...

CVE-2020-74729.8

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before ...

CVE-2012-06949.8

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute...