7206 matches found
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...
CVE-2019-17299
CVE-2019-17299 affects SugarCRM before 8.0.4 and 9.x before 9.0.2. The vulnerability is a PHP code injection in the Administration module that can be exploited by an Admin user. Several connected sources corroborate that the issue stems from insufficient input validation, enabling code injection ...
CVE-2019-17299
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user...
CVE-2019-17300
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...
CVE-2019-17300
SugarCRM is affected by a PHP code injection vulnerability (CVE-2019-17300) in the Administration module. Affected versions are SugarCRM before 8.0.4 and 9.x before 9.0.2. The root cause described across connected sources is insufficient input validation, enabling a Developer user to inject and e...
CVE-2019-17301
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user...
CVE-2019-17301
CVE-2019-17301 affects SugarCRM before 8.0.4 and 9.x before 9.0.2, allowing a PHP code injection in the ModuleBuilder module by an Admin user. The issue originates from inadequate input handling in ModuleBuilder, as described in multiple sources. CVSS indicates moderate to high impact: CVSS v3.1 ...
CVE-2019-17302
Summary: CVE-2019-17302 affects SugarCRM, specifically the ModuleBuilder module. Compared with several connected sources, the vulnerability enables PHP code injection by a Developer user in SugarCRM versions listed as vulnerable: before 8.0.4 and before 9.0.2 (i.e., 8.0.0–8.0.3 and 9.x prior to 9...
CVE-2019-17302
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...
CVE-2019-17303
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user...
CVE-2019-17303
CVE-2019-17303 affects SugarCRM: versions before 8.0.4 and 9.x before 9.0.2 are vulnerable to PHP code injection in the MergeRecords module when executed by a Developer user. The root cause is lack of input validation, enabling arbitrary PHP execution. Impact details in the records show CVSSv3.1 ...
CVE-2019-17304
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user...
CVE-2019-17304
CVE-2019-17304 affects SugarCRM: PHP code injection in the MergeRecords module. Affected: SugarCRM before 8.0.4 and 9.x before 9.0.2. Root cause cited: insufficient input validation in the MergeRecords component, enabling an Admin user to inject PHP code. Impact is high for confidentiality, integ...
CVE-2019-17305
CVE-2019-17305 affects SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2. The vulnerability is a PHP code injection in the MergeRecords module that can be exploited by a Regular user. The connected sources consistently describe this as a PHP code injection flaw arising from insufficient input valida...
CVE-2019-17305
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user...
CVE-2019-17306
SugarCRM versions affected:
CVE-2019-17306
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user...
CVE-2019-17307
Summary: CVE-2019-17307 affects SugarCRM. The vulnerability allows PHP code injection in the Tracker module when exploited by an Admin user. Affected versions are SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2. The provided connected documents confirm the existence and nature of the issue but do ...
CVE-2019-17308
SugarCRM is vulnerable to PHP code injection in the Emails module (affecting versions before 8.0.4 and 9.x before 9.0.2). The issue can be triggered by a Regular user due to inadequate input validation, enabling arbitrary code execution. Affected software: SugarCRM (core product) with Email handl...
CVE-2019-17308
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user...