8.8

CVE-2023-46815

EPSS 0.24%
Veröffentlicht 27.10.2023 04:15:10
Zuletzt bearbeitet 21.11.2024 08:29:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sugarcrm ≫ Sugarcrm SwEditionenterprise Version >= 12.0.0 < 12.0.4

Sugarcrm ≫ Sugarcrm SwEditionsell Version >= 12.0.0 < 12.0.4

Sugarcrm ≫ Sugarcrm SwEditionserve Version >= 12.0.0 < 12.0.4

Sugarcrm ≫ Sugarcrm Version13.0.0 SwEditionenterprise

Sugarcrm ≫ Sugarcrm Version13.0.0 SwEditionsell

Sugarcrm ≫ Sugarcrm Version13.0.0 SwEditionserve

Sugarcrm ≫ Sugarcrm Version13.0.1 SwEditionenterprise

Sugarcrm ≫ Sugarcrm Version13.0.1 SwEditionsell

Sugarcrm ≫ Sugarcrm Version13.0.1 SwEditionserve

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.469

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-46815

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46815

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46815

EUVD