2 matches found
CVE-2019-17303
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user...
CVE-2019-17303
CVE-2019-17303 affects SugarCRM: versions before 8.0.4 and 9.x before 9.0.2 are vulnerable to PHP code injection in the MergeRecords module when executed by a Developer user. The root cause is lack of input validation, enabling arbitrary PHP execution. Impact details in the records show CVSSv3.1 ...