Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
SugarCRM Improper Restriction of XML External Entity Reference Vulnerability - CVE-2014-3244 - Vulnerability Database
SugarCRM

SugarCRM Improper Restriction of XML External Entity Reference Vulnerability - CVE-2014-3244

Critical
Reference: CVE-2014-3244
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-3244
Title: SugarCRM Improper Restriction of XML External Entity Reference Vulnerability
Overview:

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.