Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user.
Remediation
References
Related Vulnerabilities
MongoDb Uncontrolled Recursion Vulnerability (CVE-2025-6710)
Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108)
WordPress Plugin SocialGrid 'default_services' Parameter Cross-Site Scripting (2.3)
WordPress Plugin NextGEN Gallery Sell Photo Cross-Site Scripting (1.0.4)