
700 matches found

Nuclei
added yesterday, 19 views

SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the restdata parameter before passing it to the...

CVSS 9.3, AI score 6.2, EPSS 0.71497
Exploits: 0, References: 5

Nuclei
added yesterday, 18 views

SugarCRM Unauthenticated - Remote Code Execution

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. id: CVE-2023-22952 info: name: SugarCRM Unauthenticated - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: high description: |...

CVSS 8.8, AI score 8.2, EPSS 0.93075
Exploits: 4, References: 1

Nuclei
added yesterday, 25 views

SugarCRM 3.5.1 - Cross-Site Scripting

SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string aka a $key variable. id: CVE-2018-5715 info: name: SugarCRM 3.5.1 - Cross-Site Scripting author: edoardottt severity: medium description: SugarCRM 3.5.1 is vulnerable to cross-site...

CVSS 6.1, AI score 6, EPSS 0.03439
Exploits: 5, References: 5

Nuclei
added 3 days ago, 27 views

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting

SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktopurl. id: CVE-2019-14974 info: name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting author: madrobot severity: medium description: SugarCRM Enterprise 9.0.0 contains a...

CVSS 6.1, AI score 6.1, EPSS 0.53858
Exploits: 1, References: 5

Patchstack
added 2025/12/31 12:0 a.m., 4 views

WordPress Web to SugarCRM Lead plugin <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion vulnerability

Cross-Site Request Forgery to Custom Field Deletion vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Web to SugarCRM Lead versions <= 1.0.0...

CVSS 4.3, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/12/21 6:31 a.m., 2 views

EUVD-2025-204657

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS 4.3, AI score 4.9, EPSS 0.00013
Exploits: 0, References: 5

NVD
added 2025/12/21 4:16 a.m., 2 views

CVE-2025-13361

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS 4.3, EPSS 0.00013
Exploits: 0, References: 4

CVE
added 2025/12/21 3:20 a.m., 9 views

CVE-2025-13361

CVE-2025-13361 : The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) up to version 1.0.0 due to missing nonce validation on the custom field deletion function. This enables unauthenticated attackers to delete custom fields by tricking a site administra...

CVSS 4.3, AI score 5, EPSS 0.00013
Exploits: 0, References: 4

Cvelist
added 2025/12/21 3:20 a.m., 15 views

CVE-2025-13361 Web to SugarCRM Lead <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS 4.3, EPSS 0.00013
Exploits: 0, References: 4

Vulnrichment
added 2025/12/21 3:20 a.m., 3 views

CVE-2025-13361 Web to SugarCRM Lead <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS 4.3, AI score 5, EPSS 0.00013
Exploits: 0, References: 4

CNNVD
added 2025/12/21 12:0 a.m., 1 view

WordPress plugin Web to SugarCRM Lead cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 4.3, AI score 6.5, EPSS 0.00013
Exploits: 0, References: 5

Positive Technologies
added 2025/12/21 12:0 a.m., 3 views

PT-2025-52581

Name of the Vulnerable Software and Affected Versions: Web to SugarCRM Lead plugin for WordPress versions up to and including 1.0.0. Description: The Web to SugarCRM Lead plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation when deletin...

CVSS 4.3, AI score 6.1, EPSS 0.00013
Exploits: 0, References: 9

GithubExploit
added 2025/11/21 12:54 p.m., 124 views

Exploit for CVE-2024-58258

CVE‑2024‑58258 – SugarCRM SSRF & Local File Disclosure Abo...

CVSS 7.2, AI score 7, EPSS 0.0224
Exploits: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-23987

Malware in sbrugna...

CVSS 5.4, AI score 5.6, EPSS 0.00206
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-7722

Malware in sbrugna...

CVSS 7.2, AI score 7, EPSS 0.00473
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-7710

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00296
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 12 views

EUVD-2019-7713

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00461
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-9327

Malware in sbrugna...

CVSS 5.3, AI score 5.6, EPSS 0.01166
Exploits: 2, References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2005-0267

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00335
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-7731

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00296
Exploits: 0, References: 2