Latest Security News about cve 2012 0694

SugarCRM CE unserialize PHP code execution in multiple files

Overview : SugarCRM CE <= 6.3.1 contains scripts that use “unserialize()” with user controlled input which allows remote attackers to execute arbitrary PHP code. Affected Product(s) : SugarCRM CE 6.3.1 Vulnerability Details : CVE ID : CVE-2012-0694 The vulnerability is caused due to all these scripts using “unserialize()” with user controlled input. This can be […]