Home / os / winmobile

SugarCRM ConnectorsController Server-Side Request Forgery

Posted on 03 January 2019

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::action_CallRest()" method. User input passed through the "url" request parameter is not properly sanitized before being used in a call to the "file_get_contents" function.

 

TOP

Malware :

Exploits :