Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Sugar is a complete CRM solution that automates core sales, customer service and marketing processes, with a focus on the individual.
SugarCRM contains a flaw that could allow a remote attacker to execute arbitrary code on the system, because user-controlled input is passed to the unserialize() function without proper validation.
Affected Versions:
SugarCRM CE 6.5.23 and prior versions are vulnerable.
Impact
An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP code in the context of the affected application.
Solution
Please refer to sugarCRM-SA-2016-008 and sugarCRM-SA-2016-001 for more information about the update.
Patch:
Following are links for downloading patches to fix the vulnerabilities: