Description
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2022-21294 Vulnerability (CVE-2022-21294)
WordPress Plugin WP Sitemap Page Cross-Site Scripting (1.6.6)
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5615)
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4614)