CNNVD-202507-1790 Information
CNNVD ID
CNNVD-202507-1790
Related CVE
- CNNVD Published: 2025-07-13
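Description (translated from Chinese)
SugarCRM is an open-source customer relationship management (CRM) system from the US company SugarCRM. The system supports differentiated marketing for different customer needs, management and assignment of sales leads, and information sharing and tracking for sales representatives. SugarCRM versions before 13.0.4 and before 14.0.1 contain a code injection vulnerability. The vulnerability stems from SSRF in the API module and may lead to limited types of code injection.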
Description (English)
SugarCRM is an open-source customer relationship management system (CRM) developed by SugarCRM, a company based in the United States. The system supports differentiated marketing for different customer needs, management and distribution of sales leads, and information sharing and tracking among sales representatives. SugarCRM before 13.0.4 and 14.x before 14.0.1 has a code injection vulnerability, which originates from an SSRF in the API module and could lead to a limited type of code injection.
Hazard Level
Medium
Vulnerability Type
Code injection
Affected Vendor
SugarCRM
Published
2025-07-13
Last Modified
2026-02-24
References
https://support.sugarcrm.com/resources/security/sugarcrm-sa-2024-059/
https://cxsecurity.com/issue/WLB-2025080008
https://www.exploit-db.com/exploits/52365
https://access.redhat.com/security/cve/cve-2024-58258
Patch
https://www.sugarcrm.com/download/