Lucene search
950 matches found

CVE
added 2019/10/07 3:4 p.m., 35 views

CVE-2019-17301

CVE-2019-17301 affects SugarCRM before 8.0.4 and 9.x before 9.0.2, allowing a PHP code injection in the ModuleBuilder module by an Admin user. The issue originates from inadequate input handling in ModuleBuilder, as described in multiple sources. CVSS indicates moderate to high impact: CVSS v3.1 ...

7.2 CVSS, 7.2 AI score, 0.00418 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2019/10/07 3:4 p.m., 40 views

CVE-2019-17302

Summary: CVE-2019-17302 affects SugarCRM, specifically the ModuleBuilder module. Compared with several connected sources, the vulnerability enables PHP code injection by a Developer user in SugarCRM versions listed as vulnerable: before 8.0.4 and before 9.0.2 (i.e., 8.0.0–8.0.3 and 9.x prior to 9...

8.8 CVSS, 8.8 AI score, 0.00461 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/10/07 3:4 p.m., 10 views

CVE-2019-17302

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...

8.9 AI score, 0.00461 EPSS
Exploits 0, References 1

Cvelist
added 2019/10/07 3:4 p.m., 10 views

CVE-2019-17303

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user...

8.9 AI score, 0.00461 EPSS
Exploits 0, References 1

CVE
added 2019/10/07 3:4 p.m., 37 views

CVE-2019-17303

CVE-2019-17303 affects SugarCRM: versions before 8.0.4 and 9.x before 9.0.2 are vulnerable to PHP code injection in the MergeRecords module when executed by a Developer user. The root cause is lack of input validation, enabling arbitrary PHP execution. Impact details in the records show CVSSv3.1 ...

8.8 CVSS, 8.8 AI score, 0.00461 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/10/07 3:4 p.m., 9 views

CVE-2019-17304

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user...

7.3 AI score, 0.00418 EPSS
Exploits 0, References 1

CVE
added 2019/10/07 3:4 p.m., 39 views

CVE-2019-17304

CVE-2019-17304 affects SugarCRM: PHP code injection in the MergeRecords module. Affected: SugarCRM before 8.0.4 and 9.x before 9.0.2. Root cause cited: insufficient input validation in the MergeRecords component, enabling an Admin user to inject PHP code. Impact is high for confidentiality, integ...

7.2 CVSS, 7.2 AI score, 0.00418 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2019/10/07 3:4 p.m., 39 views

CVE-2019-17305

CVE-2019-17305 affects SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2. The vulnerability is a PHP code injection in the MergeRecords module that can be exploited by a Regular user. The connected sources consistently describe this as a PHP code injection flaw arising from insufficient input valida...

8.8 CVSS, 8.8 AI score, 0.00461 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/10/07 3:4 p.m., 13 views

CVE-2019-17305

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user...

8.9 AI score, 0.00461 EPSS
Exploits 0, References 1

CVE
added 2019/10/07 3:4 p.m., 36 views

CVE-2019-17306

SugarCRM versions affected:

7.2 CVSS, 7.2 AI score, 0.00418 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/10/07 3:4 p.m., 11 views

CVE-2019-17306

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user...

7.3 AI score, 0.00418 EPSS
Exploits 0, References 1

CVE
added 2019/10/07 3:3 p.m., 38 views

CVE-2019-17307

Summary: CVE-2019-17307 affects SugarCRM. The vulnerability allows PHP code injection in the Tracker module when exploited by an Admin user. Affected versions are SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2. The provided connected documents confirm the existence and nature of the issue but do ...

7.2 CVSS, 7.2 AI score, 0.00418 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2019/10/07 3:3 p.m., 42 views

CVE-2019-17308

SugarCRM is vulnerable to PHP code injection in the Emails module (affecting versions before 8.0.4 and 9.x before 9.0.2). The issue can be triggered by a Regular user due to inadequate input validation, enabling arbitrary code execution. Affected software: SugarCRM (core product) with Email handl...

8.8 CVSS, 8.8 AI score, 0.00461 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/10/07 3:3 p.m., 11 views

CVE-2019-17308

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user...

8.9 AI score, 0.00461 EPSS
Exploits 0, References 1

Cvelist
added 2019/10/07 3:3 p.m., 12 views

CVE-2019-17309

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user...

7.3 AI score, 0.00473 EPSS
Exploits 0, References 1

Cvelist
added 2019/10/07 3:3 p.m., 12 views

CVE-2019-17310

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user...

7.3 AI score, 0.00473 EPSS
Exploits 0, References 1

CVE
added 2019/10/07 3:3 p.m., 30 views

CVE-2019-17310

CVE-2019-17310 affects SugarCRM (Campaigns module) prior to 8.0.4 and 9.x prior to 9.0.2. An Admin can inject PHP code due to input handling in Campaigns, enabling arbitrary code execution. Impact described as PHP code injection with potential for full system compromise; no exploit details provid...

7.2 CVSS, 7.2 AI score, 0.00473 EPSS
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2019/10/04 8:37 p.m., 15 views

CVE-2008-4811

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...

7.5 CVSS, 7.8 AI score, 0.01003 EPSS
Exploits 0, References 3

Cvelist
added 2019/09/18 3:35 p.m., 14 views

CVE-2019-14252

An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if remove...

7.6 AI score, 0.00995 EPSS
Exploits 2, References 1

CVE
added 2019/09/18 3:35 p.m., 66 views

CVE-2019-14252

Publisure 2.1.2 secure portal: after admin authentication, injection of arbitrary PHP via adminCons.php is stored in E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ and can be hidden even after removal, enabling persistent code execution on the server. Affected component: adminCons.php handl...

7.2 CVSS, 7.5 AI score, 0.00995 EPSS
Exploits 2, References 1, Affected Software 1