SugarCRM Incomplete List of Disallowed Inputs Vulnerability - CVE-2015-5946 - Vulnerability Database

SugarCRM Incomplete List of Disallowed Inputs Vulnerability - CVE-2015-5946

High

Reference: CVE-2015-5946

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-5946

Title: SugarCRM Incomplete List of Disallowed Inputs Vulnerability

Overview:

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.