7.8

CVE-2015-5946

Exploit
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SugarcrmSugarcrm Version6.5.22
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.65% 0.735
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

http://www.openwall.com/lists/oss-security/2015/08/06/6
Third Party Advisory
Broken Link
Mailing List
http://www.openwall.com/lists/oss-security/2016/03/02/5
Third Party Advisory
Broken Link
Mailing List
http://xiphosresearch.com/2016/03/01/Vulnerability-Inheritance-across-Forks.html
Third Party Advisory
Exploit