# Plataformas Vulneráveis a SSRF

{{#include ../../banners/hacktricks-training.md}}

Verifique **[https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/](https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/)**

- SugarCRM ≤ 14.0.0 – Injeção LESS `@import` em `/rest/v10/css/preview` permite SSRF não autenticado e leitura de arquivos locais.

{{#ref}}
../less-code-injection-ssrf.md
{{#endref}}

{{#include ../../banners/hacktricks-training.md}}