An issue exists in SugarCRM 12 prior to 12.0.4 and 13 prior to 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sugarcrm sugarcrm 13.0.0 |
||
sugarcrm sugarcrm 13.0.1 |
||
sugarcrm sugarcrm |