CyberSec.Space Logo
CVEブラウザに戻る

CVE-2014-3244

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1040%
EPSS Percentile40.14th
Published2018年2月1日
Last Modified2024年11月21日

Vulnerability Description

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Affected Platforms (CPE)

📦
Sugarcrm

Sugarcrm

< 6.5.16

References & Advisories

🔗 http://seclists.org/fulldisclosure/2014/Jun/92
🔗 http://www.securityfocus.com/bid/68102
🔗 https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294
🔗 http://seclists.org/fulldisclosure/2014/Jun/92
🔗 http://www.securityfocus.com/bid/68102
🔗 https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294

関連する脆弱性情報

CVE-2004-122510.0

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and ga...

CVE-2004-122710.0

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and p...

CVE-2020-74729.8

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before ...

CVE-2012-06949.8

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute...