Description

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.

Remediation

References

CVE-2012-0694

Related Vulnerabilities

WordPress Plugin Advanced Custom Fields PRO PHP Object Injection (6.0.7)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-3378)

WordPress Plugin AW WordPress Yearly Category Archives Unspecified Vulnerability (1.2.1)

Perl Integer Overflow or Wraparound Vulnerability (CVE-2020-10878)

WordPress Plugin WR ContactForm SQL Injection (1.1.9)

Severity

Critical

Classification

CVE-2012-0694 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities