CVE-2019-17312
SugarCRM before 8.0.4 and 9.x before 9.0.2 expose a directory traversal flaw in the file function that can be triggered by a regular user. The public sources listed (including SugarCRM advisory) confirm the affected versions and the nature of the vulnerability. Remediation per the documents is up...