High
CVSS 7.2
Overview
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.
CVE-2024-58258
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module beca...
Risk analysis
This vulnerability is rated 🟠 HIGH.
- CVSS: 7.2 (HIGH)
- Detected tags: ssrf (tag impact: MODERATE)
Recommended actions:
- Deny access to internal/metadata addresses; use outbound allowlists.