Subscribe via feed.

SugarCRM 6.5.18 fopen() Command Injection / XSS / SSRF

Posted by deepcore on June 25, 2016 – 12:07 am

SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.