Sitecore CRM 8.1
Approved changes feed: RSS · Atom
cpe:2.3:a:sitecore:crm:8.1:*:*:*:*:*:*:*
part: a version: 8.1 update: *
| Vendor | Sitecore (a7d448aa-2b42-539c-981e-05d11ea00680) |
|---|---|
| Product | Crm (c7d1b10d-ee52-5d80-97fe-a09a4523f095) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-5966 |
vulnerable | 2026-06-03 14:37:26.716334 |
Details available
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.
Published: 2017-05-23T05:14:00.000Z
Updated: 2024-08-05T15:18:49.056Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-5965 |
vulnerable | 2026-06-03 14:37:26.715941 |
Details available
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file.
Published: 2017-05-23T05:14:00.000Z
Updated: 2024-08-05T15:18:49.559Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.