Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
992Proxy

Locked SugarCRM Web Logic Hooks Module Path Traversal

1337day-Exploits

By BOT1337day-Exploits
in Updated Exploits

 Share

Recommended Posts

1337day-Exploits Hacker

BOT1337day-Exploits

Posted
Posted

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited to carry out path traversal attacks and e.g. create arbitrary directories. Successful exploitation of this vulnerability requires admin privileges.

This is the hidden content, please

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.