16 matches found
CVE-2026-29098
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the actionexportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...
CVE-2026-29098 SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the actionexportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...
EUVD-2025-199289
Malicious code in @silgi/module-builder npm...
Malicious code in @silgi/module-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8dcdf459dd6f30b49693265bec20c40b3a8f9b49a11f1eef906e86ecc5741ad The package @silgi/module-builder was found to contain malicious code. Source: ghsa-malware...
EUVD-2019-6518
Malware in sbrugna...
CVE-2019-15534
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update...
Raml-Module-Builder SQL Injection Vulnerability
Raml-Module-Builder is a framework that allows the creation of modules based on RAML files. A SQL injection vulnerability exists in PostgresClient.update in Raml-Module-Builder version 26.4.0, which can be exploited by an attacker to execute illegal SQL commands...
CVE-2019-15534
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update...
CVE-2019-15534
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update...
SQL injection
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update...
CVE-2019-15534
The documents identify CVE-2019-15534 as a SQL injection vulnerability in Raml-Module-Builder version 26.4.0, specifically in PostgresClient.update. The issue is a flaw in the module’s handling of SQL commands that allows an attacker to inject and execute arbitrary SQL. The payloads, affected com...
CVE-2019-15534
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update...
SugarCRM addLabels PHP Code Injection Vulnerability
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'labels' parameters is not properly sanitized before being used to save PHP code within the "ParserLabel::addLabels" method when saving labels through t...
SugarCRM SaveDropDown PHP Code Injection Vulnerability
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'listvalue' JSON parameter is not properly sanitized before being used to save PHP code when adding/saving dropdowns through the Module Builder. This ca...
SugarCRM (addLabels) PHP Code Injection Vulnerability
SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A PHP code...
Module Builder DownloadModule Traversal Arbitrary File Disclosure
The remote host is running Module Builder, a module for building SugarCRM modules. The version of Module Builder installed on the remote host fails to validate user-supplied input to the 'file' parameter of the 'modules/Builder/DownloadModule.php' script before using it to return the contents of ...