Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SugarCRM 安全漏洞
Vulnerability Description
SugarCRM Professional是美国SugarCRM公司的一套开源的客户关系管理系统(CRM)的专业版。该系统支持对不同的客户需求进行差异化营销、管理和分配销售线索,实现销售代表的信息共享和追踪。Enterprise是企业版。Ultimate是旗舰版。 SugarCRM中存在远程文件包含漏洞。远程攻击者可借助module=CallRest&url= query字符串利用该漏洞包含可访问的系统文件。以下版本受到影响:SugarCRM Professional 7.9版本,7.8版本,7.7.2.
CVSS Information
N/A
Vulnerability Type
N/A