lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <576C5C93.9000109@karmainsecurity.com> Date: Fri, 24 Jun 2016 00:02:59 +0200 From: Egidio Romano <research@...mainsecurity.com> To: bugtraq@...urityfocus.com, fulldisclosure@...lists.org Subject: [FD] [KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities -------------------------------------------------------------- SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities -------------------------------------------------------------- [-] Software Link: http://www.sugarcrm.com/ [-] Affected Versions: Version 6.5.18 CE and prior versions. [-] Vulnerabilities Description: The application fails to properly check whether the user has administrator privileges within the following scripts: 1) /modules/Administration/ImportCustomFieldStructure.php 2) /modules/Administration/UpgradeWizard_commit.php 3) /modules/Connectors/controller.php ("RunTest" action) This can be exploited by authenticated users to access certain otherwise restricted administrative features or exploit further vulnerabilities within the affected scripts (e.g. a SQL injection vulnerability located within the ImportCustomFieldStructure.php file). [-] Solution: Update to version 6.5.19 CE or higher. [-] Disclosure Timeline: [22/10/2014] - Vendor notified [15/12/2014] - Version 6.5.19 CE released: http://bit.do/sugar6519 [29/04/2015] - CVE number requested [23/06/2016] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for these vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2016-04 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists