CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-5946

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.7%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 4.6

References

http://www.openwall.com/lists/oss-security/2015/08/06/6
http://www.openwall.com/lists/oss-security/2016/03/02/5
http://xiphosresearch.com/2016/03/01/Vulnerability-Inheritance-across-Forks.html
http://www.openwall.com/lists/oss-security/2015/08/06/6
http://www.openwall.com/lists/oss-security/2016/03/02/5
http://xiphosresearch.com/2016/03/01/Vulnerability-Inheritance-across-Forks.html

Products affected by CVE-2015-5946

Sugarcrm » Sugarcrm » Version: 6.5.22

cpe:2.3:a:sugarcrm:sugarcrm:6.5.22

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5946

Products

Pricing

Contact Us