I. Basic Information for CVE-2024-58258
Vulnerability Information

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Control of Generation of Code (Code Injection)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SugarCRM Code Injection Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
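SugarCRM is an open-source customer relationship management (CRM) system from SugarCRM, a US company. The system supports differentiated marketing, management and assignment of sales leads for different customer needs, and enables information sharing and tracking among sales representatives. SugarCRM versions before 13.0.4 and before 14.0.1 contain a code injection vulnerability, which stems from SSRF in the API module and may lead to a limited type of code injection.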
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
Vendor | Product | Affected Versions | CPE
SugarCRM | SugarCRM | 0 ~ 13.0.4 | -
II. Public POCs for CVE-2024-58258
# | POC Description | Source Link
1 | Proof-of-concept for CVE-2024-58258, a SugarCRM (<13.0.4 / <14.0.1) flaw where user input is parsed as LESS in /css/preview, allowing unauthenticated SSRF or local file access. | https://github.com/Web3-Serializer/CVE-2024-58258