Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SugarCRM Enterprise 代码问题漏洞
Vulnerability Description
SugarCRM Enterprise是美国SugarCRM公司的一套开源的客户关系管理系统(CRM)的企业版。该系统支持对不同的客户需求进行差异化营销、管理和分配销售线索,实现销售代表的信息共享和追踪。 SugarCRM Enterprise 11.0.6 之前版本、12.x版本至12.0.3之前版本存在安全漏洞,该漏洞源于Notes模块缺少输入验证。攻击者利用该漏洞可以通过 Notes 模块注入和执行自定义 PHP 代码。
CVSS Information
N/A
Vulnerability Type
N/A