SugarCRM 6.5.18 fopen() Command Injection / XSS / SSRF
Posted by deepcore on June 25, 2016 – 12:07 am
SugarCRM versions 6.5.18 and below use fopen() insecurely in MySugar::addDashlet, which can lead to command injection, cross-site scripting, and server-side request forgery.