Description

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.

Remediation

References

CVE-2012-0694

Related Vulnerabilities

WordPress Plugin myghpay WooCommerce Payment Gateway Cross-Site Scripting (3.0)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-9788)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0346)

Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7187)

Oracle Database Server CVE-2008-0344 Vulnerability (CVE-2008-0344)

Severity

Critical

Classification

CVE-2012-0694 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities