vendor:
SugarCRM
by:
sw33t.0day
9.8
CVSS
CRITICAL
Remote Code Execution (RCE)
78
CWE
Product Name: SugarCRM
Affected Version From: all commercial versions up to 12.2.0
Affected Version To: 12.2.2000
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested:
2020
SugarCRM 12.2.0 – Remote Code Execution (RCE)
A vulnerability in SugarCRM versions up to 12.2.0 allows an attacker to execute arbitrary code on the server. This is due to the application not properly validating user-supplied input. An attacker can exploit this vulnerability by sending a malicious request to the server. This can allow the attacker to execute arbitrary code on the server.
Mitigation:
Upgrade to the latest version of SugarCRM and ensure that all user-supplied input is properly validated.