CVE-2019-17311
SugarCRM is affected by a directory traversal vulnerability in the attachment feature affecting versions before 8.0.4 and 9.x before 9.0.2. The underlying issue is insufficient input validation, enabling a Regular user to traverse directories via the attachment function. No exploitation details a...