SugarCRM CE <= 6.3.1 contains scripts that use ...
Critical severity
Unreviewed
Published
Apr 23, 2022
to the GitHub Advisory Database
•
Updated Apr 3, 2024
Description
Published by the National Vulnerability Database
Oct 29, 2019
Published to the GitHub Advisory Database
Apr 23, 2022
Last updated
Apr 3, 2024
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
References