Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SugarCRM Enterprise 注入漏洞
Vulnerability Description
SugarCRM Enterprise是美国SugarCRM公司的一套开源的客户关系管理系统(CRM)的企业版。该系统支持对不同的客户需求进行差异化营销、管理和分配销售线索,实现销售代表的信息共享和追踪。 SugarCRM Enterprise 11.0.6 之前版本、12.x版本至12.0.3之前版本存在安全漏洞,该漏洞源于在 DocuSign 模块中存在二阶 PHP 对象注入,攻击者利用该漏洞可以通过DocuSign 模块注入和执行自定义 PHP 代码。
CVSS Information
N/A
Vulnerability Type
N/A