4 matches found
CVE-2019-17304
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user...
CVE-2019-17304
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user...
CVE-2019-17304
CVE-2019-17304 affects SugarCRM: PHP code injection in the MergeRecords module. Affected: SugarCRM before 8.0.4 and 9.x before 9.0.2. Root cause cited: insufficient input validation in the MergeRecords component, enabling an Admin user to inject PHP code. Impact is high for confidentiality, integ...
CVE-2019-17304
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user...