CVE-2019-17308
SugarCRM is vulnerable to PHP code injection in the Emails module (affecting versions before 8.0.4 and 9.x before 9.0.2). The issue can be triggered by a Regular user due to inadequate input validation, enabling arbitrary code execution. Affected software: SugarCRM (core product) with Email handl...