86 matches found
SQL injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user...
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user...
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...
CVE-2019-17315
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user...
Design/Logic Flaw
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user...
CVE-2019-17298
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user...
CVE-2019-17299
CVE-2019-17299 affects SugarCRM before 8.0.4 and 9.x before 9.0.2. The vulnerability is a PHP code injection in the Administration module that can be exploited by an Admin user. Several connected sources corroborate that the issue stems from insufficient input validation, enabling code injection ...
CVE-2019-17299
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user...
CVE-2019-17300
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...
CVE-2019-17300
SugarCRM is affected by a PHP code injection vulnerability (CVE-2019-17300) in the Administration module. Affected versions are SugarCRM before 8.0.4 and 9.x before 9.0.2. The root cause described across connected sources is insufficient input validation, enabling a Developer user to inject and e...
PT-2019-15078 · Sugarcrm · Sugarcrm
Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 8.0.4; SugarCRM versions 9.x prior to 9.0.2. Description: The issue allows PHP object injection in the Administration module by an Admin user. Recommendations: For SugarCRM versions prior to 8.0.4, update to version...
OurPHP backend has an arbitrary file upload vulnerability
OurPHP (傲派建站系统) is a website content management system written in PHP and developed by Harbin Weicheng Technology Co. The upload file management module under the "Global/Interface" module in the OurPHP administration backend has a function for uploading hidden files. Since the...
CVE-2014-9505
Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title...
CVE-2014-9505
CVE-2014-9505 is a Cross-Site Scripting (XSS) vulnerability in the Drupal School Administration module (7.x-1.x) before 7.x-1.8. The issue arises because node titles are not properly sanitized, allowing remote authenticated users with permission to create or edit a class node to inject arbitrary ...
CVE-2014-8072
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin...
Design/Logic Flaw
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin...
CVE-2014-8072
CVE-2014-8072 affects OpenMRS 2.1 Standalone Edition, where the administration module allows remote authenticated users to obtain read access through a direct request to /admin. The available sources confirm the vulnerability details but do not provide exploit steps, affected product variants bey...
FortiMail Messaging Security Appliance cross-site scripting
Cross-site scripting in web administration module...