CVE-2012-0694

Published: Oct 29, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.

Affected (1)

Products: Sugarcrm: Sugarcrm

Sugarcrm

1 product

Sugarcrm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sugarcrm Sugarcrm	Up to 6.3.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://seclists.org/bugtraq/2012/Jun/165

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2012-0694

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/19381

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://seclists.org/bugtraq/2012/Jun/165

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2012-0694

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/19381

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.