CVE-2019-14472

Name of the Vulnerable Software and Affected Versions Zurmo version 3.2.7-2

Description The issue is related to a security problem where an attacker can inject malicious code. The problem occurs via the "app/index.php/zurmo/default" API endpoint, specifically through the PATH INFO.

Recommendations For Zurmo version 3.2.7-2, consider restricting access to the "app/index.php/zurmo/default" API endpoint until a patch is available. As a temporary workaround, avoid using this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.