2 matches found
CVE-2019-17317
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user...
CVE-2019-17317
SugarCRM vulnerability CVE-2019-17317 affects SugarCRM before 8.0.4 and 9.x before 9.0.2, where an Admin can trigger PHP object injection via the UpgradeWizard module. The root cause is input handling in UpgradeWizard that allows object injection, enabling impact as described in affected advisori...