CVE-2014-3244

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt