Security Advisory

CVE-2020-7472

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-11-12 17:33:23

Last updated 2024-08-04 09:33:18

Assigner mitre

State PUBLISHED

Description

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. (This is exploitable even after installation is completed.).

← Browse all CVEs View on cve.org ↗