SugarCRM Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3244)
Description
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.