vulnerability
FreeBSD: VID-3B776502-F601-44E0-87CD-B63F1B9AE42A (CVE-2017-14509): sugarcrm -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Sep 17, 2017 | Sep 27, 2017 | May 7, 2019 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Sep 17, 2017
Added
Sep 27, 2017
Modified
May 7, 2019
Description
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.
Solution
freebsd-upgrade-package-sugarcrm
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.