CVE-2017-14509
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.
An issue exists in SugarCRM in versions before 7.7.2.3, in 7.8.x versions before 7.8.2.2, and in 7.9.x versions before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion vulnerability exists in the Connectors module that allows authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation would mitigate this issue.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2017-09-17 CVE Reserved
- 2017-09-17 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://www.synology.com/support/security/Synology_SA_17_53_SugarCRM | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities | 2024-08-05 | |
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-007 | 2017-12-30 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sugarcrm | Sugarcrm | <= 7.7.2.2 | - | Affected |
Sugarcrm | Sugarcrm | 6.5.26 | community | Affected |
Sugarcrm | Sugarcrm | 7.8.0.0 | - | Affected |
Sugarcrm | Sugarcrm | 7.8.0.1 | - | Affected |
Sugarcrm | Sugarcrm | 7.8.1.0 | - | Affected |
Sugarcrm | Sugarcrm | 7.8.2.0 | - | Affected |
Sugarcrm | Sugarcrm | 7.8.2.1 | - | Affected |
Sugarcrm | Sugarcrm | 7.9.0.0 | - | Affected |
Sugarcrm | Sugarcrm | 7.9.0.1 | - | Affected |
Sugarcrm | Sugarcrm | 7.9.1.0 | - | Affected |