CVE-2023-35808

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-434
View all →

Vulnerability Description

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.

Related Vulnerabilities

CVE-2010-3663

HIGH
CVSS:8.8(High)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arb...

CWE-4342010

CVE-2011-1597

HIGH
CVSS:8.8(High)

OpenVAS Manager v2.0.3 allows plugin remote code execution.

CWE-4342011

CVE-2011-4334

HIGH
CVSS:8.8(High)

edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the user...

CWE-4342011

CVE-2012-1592

HIGH
CVSS:8.8(High)

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

CWE-4342012

CVE-2013-1916

HIGH
CVSS:8.8(High)

In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (exe...

CWE-4342013

CVE-2013-3591

HIGH
CVSS:8.8(High)

vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability

CWE-4342013