
CVE-2017-14509

Severity Score (CVSS v3): 8.8
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 1
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.

An issue exists in SugarCRM in versions before 7.7.2.3, in 7.8.x versions before 7.8.2.2 and in 7.9.x versions before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion vulnerability exists in the Connectors module that allows authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper validation of input values would mitigate this issue.

*Credits: N/A
CVSS Scores
CVSS v3 metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2 metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-09-17 CVE Reserved
  • 2017-09-17 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor     Product    Version       Other       Status
Sugarcrm   Sugarcrm   <= 7.7.2.2    -           Affected
Sugarcrm   Sugarcrm   6.5.26        community   Affected
Sugarcrm   Sugarcrm   7.8.0.0       -           Affected
Sugarcrm   Sugarcrm   7.8.0.1       -           Affected
Sugarcrm   Sugarcrm   7.8.1.0       -           Affected
Sugarcrm   Sugarcrm   7.8.2.0       -           Affected
Sugarcrm   Sugarcrm   7.8.2.1       -           Affected
Sugarcrm   Sugarcrm   7.9.0.0       -           Affected
Sugarcrm   Sugarcrm   7.9.0.1       -           Affected
Sugarcrm   Sugarcrm   7.9.1.0       -           Affected