3587 matches found
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user...
CVE-2019-17315
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user...
CVE-2019-17315
SugarCRM is affected by a PHP object injection in the Administration module. The vulnerability exists in SugarCRM versions prior to 8.0.4 and 9.x prior to 9.0.2, exploitable by an Admin user without required complex interactions. Root cause is inadequate validation in the Administration module th...
CVE-2019-17316
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...
CVE-2019-17316
CVE-2019-17316 affects SugarCRM: versions prior to 8.0.4 and 9.x prior to 9.0.2. The vulnerability is a PHP object injection in the Import module exploitable by a regular user, due to insufficient input validation. Multiple connected sources (Red Hat, CNVD, CVE list) confirm the affected versions...
CVE-2019-17317
SugarCRM vulnerability CVE-2019-17317 affects SugarCRM before 8.0.4 and 9.x before 9.0.2, where an Admin can trigger PHP object injection via the UpgradeWizard module. The root cause is input handling in UpgradeWizard that allows object injection, enabling impact as described in affected advisori...
CVE-2019-17317
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user...
PT-2019-15079 · Sugarcrm · Sugarcrm
Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 8.0.4 SugarCRM versions 9.x prior to 9.0.2 Description: The issue allows PHP object injection in the Import module by a Regular user. Recommendations: For SugarCRM versions prior to 8.0.4, update to version 8.0.4 or...
PT-2019-15078 · Sugarcrm · Sugarcrm
Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 8.0.4 SugarCRM versions 9.x prior to 9.0.2 Description: The issue allows PHP object injection in the Administration module by an Admin user. Recommendations: For SugarCRM versions prior to 8.0.4, update to version...
CVE-2017-18605
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...
CVE-2017-18605
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...
CVE-2017-18604
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...
CVE-2017-18604
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...
Cross site request forgery (csrf)
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...
Design/Logic Flaw
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...
CVE-2017-18605
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...
CVE-2017-18604
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...
CVE-2017-18604
The CVE-2017-18604 entry concerns the WordPress plugin sitebuilder-dynamic-components (up to version 1.0). Multiple sources confirm a PHP object injection vulnerability reachable via AJAX requests, enabling an unauthenticated/vector-based impact with HIGH integrity risk (CVSS v3.1: 7.5). Affected...
Debian DLA-1905-1 : gosa security update
GOsa² used unserialize to restore filter settings from a cookie. Since this cookie was supplied by the client, authenticated users could have passed arbitrary content to unserialized, which opened GOsa² up to a potential PHP object injection. For Debian 8 'Jessie', this problem has been...
Debian: Security Advisory (DLA-1905-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...