Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2015/08/06/6 | Broken Link Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/03/02/5 | Broken Link Mailing List Third Party Advisory |
http://xiphosresearch.com/2016/03/01/Vulnerability-Inheritance-across-Forks.html | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2017-08-07 20:29
Updated : 2024-02-28 16:04
NVD link : CVE-2015-5946
Mitre link : CVE-2015-5946
CVE.ORG link : CVE-2015-5946
JSON object : View
Products Affected
sugarcrm
- sugarcrm
CWE
CWE-184
Incomplete List of Disallowed Inputs