CVE-2017-14509

Name: CVE-2017-14509
Creator: NVD / NIST
Published: 2017-09-17T21:29:00.28+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.77%

Last modified Jun 17, 2026

CVE-2017-14509 is a vulnerability of currently unknown severity. An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. EPSS estimates a 5.77% chance of exploitation in the next 30 days.

Description

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.

Metrics

EPSS Probability

5.77%

92.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Sugarcrm	Sugarcrm	<= 7.7.2.2
Sugarcrm	Sugarcrm	6.5.26
Sugarcrm	Sugarcrm	7.8.0.0
Sugarcrm	Sugarcrm	7.8.0.1
Sugarcrm	Sugarcrm	7.8.1.0
Sugarcrm	Sugarcrm	7.8.2.0
Sugarcrm	Sugarcrm	7.8.2.1
Sugarcrm	Sugarcrm	7.9.0.0
Sugarcrm	Sugarcrm	7.9.0.1
Sugarcrm	Sugarcrm	7.9.1.0

References

https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/Exploit, Third Party Advisory
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-007/Vendor Advisory
https://www.synology.com/support/security/Synology_SA_17_53_SugarCRM
https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/Exploit, Third Party Advisory
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-007/Vendor Advisory
https://www.synology.com/support/security/Synology_SA_17_53_SugarCRM

Timeline

Published: Sep 17, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-14509?

How severe is CVE-2017-14509?

Severity scoring for CVE-2017-14509 is pending analysis. The EPSS model estimates a 5.77% probability of exploitation in the next 30 days.

How do I fix CVE-2017-14509?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-14509?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST