CVE-2019-17303

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user...

CVE-2019-17300

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...

Directory traversal

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user...

Sql injection

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user...

Code injection

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...

Code injection

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...

Code injection

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user...

CVE-2019-17298

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user...

CVE-2019-17298

SugarCRM is affected in versions prior to 8.0.4 and 9.x prior to 9.0.2. The vulnerability is an SQL injection in the Administration module exploitable by a Developer user. Root cause: insufficient input validation in the vulnerable path leads to injectable SQL. Impact per disclosed references inc...

CVE-2019-17300

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...

CVE-2019-17302

Summary: CVE-2019-17302 affects SugarCRM, specifically the ModuleBuilder module. Compared with several connected sources, the vulnerability enables PHP code injection by a Developer user in SugarCRM versions listed as vulnerable: before 8.0.4 and before 9.0.2 (i.e., 8.0.0–8.0.3 and 9.x prior to 9...

CVE-2019-17302

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...

CVE-2019-17303

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user...

CVE-2019-17313

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user...

CVE-2019-17313

CVE-2019-17313 affects SugarCRM with versions before 8.0.4 and 9.x before 9.0.2. The vulnerability is a directory traversal in the Studio module accessible to Developer users. Public sources indicate the issue stems from input validation weaknesses in the Studio module (CNVD-2019-34432). The acco...

CVE-2011-3525

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user...

CVE-2011-3525

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user...