
SugarCRM 14.0.0 – SSRF/Code Injection
# Exploit Title: SugarCRM 14.0.0 – SSRF/Code Injection
# Author: Egidio Romano aka EgiX
# Email: n0b0d13s@gmail.com
# Software Link: https://www.sugarcrm.com
# Affected Versions: All commercial versions before 13.0.4 and 14.0.1.
# CVE Reference: CVE-2024-58258
# Vulnerability Description: User input passed through GET parameters to the /css/preview REST API endpoint is…