Chris McCurley

Directory Traversal, SQL Injection and Server-Side Request Forgery
Chris McCurley
CVE(s): CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303
Vendor: Sage
Product: SageCRM
Version(s) affected: Version 2023 R2 and earlier are affected by these vulnerabilities
Fixed version: 2021 R2.5, 2022 R2.4, 2022 R2.5, 2023 R2.
Authenticated Arbitrary File Download (Path Traversal)
Chris McCurley
CVE(s): CVE-2023-31046
Vendor: PaperCut
Product: PaperCut MF/NG
Version(s) affected: < 22.1.1
Fixed version: 22.1.1
Background
An Authenticated Arbitrary File Download vulnerability was found in PaperCut NG/MF. PaperCut is a popular Print Management product that’s used globally by over 80,000 organisations.
Authenticated Arbitrary File Upload via Sitecore Package Manager (CVE-2017-5965)
Chris McCurley
CVE(s): CVE-2017-5965, CVE-2017-5966
Vendor: Sitecore
Product: Sitecore
Version(s) affected: 8.1 Rev 151207
Fixed version: None
Authenticated Arbitrary File Upload via Sitecore Package Manager (CVE-2017-5965)
This vulnerability was subject to a 90-day disclosure timeframe after disclosure to vendor in February 2017.
SageCRM - SQL Injection, Arbitrary File Upload
Chris McCurley
CVE(s): CVE-2017-5219, CVE-2017-5218
Vendor: Sage
Product: SageCRM
Version(s) affected: 7.0.e and later
Fixed version: 7.3 SP3
Release notes for the version containing appropriate fixes are located at SageCRM’s community site.