Full title: SugarCRM ConnectorsController Server-Side Request Forgery Vulnerability
Category: web applications
Platform: php

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::action_CallRest()" method. User input passed through the "url" request parameter is not properly sanitized before being used in a call to the "file_get_contents" function.
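
One way to validate a user-supplied "url" value before it reaches "file_get_contents", shown as an added example (not SugarCRM's code and not its actual fix). The function names, the allow-listed hosts and the injected resolver are assumptions made for illustration.

```php
<?php
// Added example, not SugarCRM code. All names and hosts here are hypothetical.

/** True if $ip is a public address (not private, loopback, link-local or reserved). */
function is_public_ip(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

/**
 * Decide whether a user-supplied URL may be fetched server-side.
 * $resolver maps a host name to a list of IPs; it is injected so the
 * check can be exercised offline with constructed data.
 */
function is_fetch_allowed(string $url, array $allowedHosts, callable $resolver): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                   // malformed input, local paths, file:///...
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;                   // php://, ftp://, gopher://, ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;                   // userinfo is a common host-confusion trick
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return false;                   // only connectors we explicitly trust
    }
    $ips = $resolver($host);
    if ($ips === []) {
        return false;                   // unresolvable host
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return false;               // allow-listed name pointing at an internal address
        }
    }
    return true;
}

// Constructed sample data: a fake DNS table and a few candidate URLs.
$dns     = ['api.example.com' => ['93.184.216.34'], 'legacy.example.com' => ['10.0.0.5']];
$resolve = fn(string $h): array => $dns[$h] ?? [];
$allowed = ['api.example.com', 'legacy.example.com'];
$samples = ['https://api.example.com/v1/items', 'file:///etc/passwd',
            'http://127.0.0.1/', 'http://legacy.example.com/status'];
foreach ($samples as $u) {
    printf("%-36s %s\n", $u, is_fetch_allowed($u, $allowed, $resolve) ? 'allow' : 'deny');
}
```

When the fetch itself is made, the http stream context option follow_location should also be set to 0, since file_get_contents follows redirects by default and a redirect would bypass the host check.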