700 matches found

Nuclei
added 2 days ago | 23 views

SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the restdata parameter before passing it to the...

CVSS 9.3 | AI score 6.4 | EPSS 0.02971
Exploits: 0 | References: 5

Nuclei
added 2 days ago | 27 views

SugarCRM 3.5.1 - Cross-Site Scripting

SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string aka a $key variable. id: CVE-2018-5715 info: name: SugarCRM 3.5.1 - Cross-Site Scripting author: edoardottt severity: medium description: SugarCRM 3.5.1 is vulnerable to cross-site...

CVSS 6.1 | AI score 6.2 | EPSS 0.07044
Exploits: 5 | References: 5

Nuclei
added 2 days ago | 30 views

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting

SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktopurl. id: CVE-2019-14974 info: name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting author: madrobot severity: medium description: SugarCRM Enterprise 9.0.0 contains a...

CVSS 6.1 | AI score 6.2 | EPSS 0.31043
Exploits: 1 | References: 5

Nuclei
added 6 days ago | 20 views

SugarCRM Unauthenticated - Remote Code Execution

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. id: CVE-2023-22952 info: name: SugarCRM Unauthenticated - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: high description: |...

CVSS 8.8 | AI score 8.8 | EPSS 0.80274
Exploits: 4 | References: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Web to SugarCRM Lead plugin <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion vulnerability

Cross-Site Request Forgery to Custom Field Deletion vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Web to SugarCRM Lead versions <= 1.0.0...

CVSS 4.3 | AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/12/21 6:31 a.m. | 3 views

EUVD-2025-204657

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS 4.3 | AI score 4.9 | EPSS 0.00129
Exploits: 0 | References: 5

NVD
added 2025/12/21 4:16 a.m. | 4 views

CVE-2025-13361

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS 4.3 | EPSS 0.00129
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/21 3:20 a.m. | 4 views

CVE-2025-13361 Web to SugarCRM Lead <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS 4.3 | AI score 5 | EPSS 0.00129
Exploits: 0 | References: 4

CVE
added 2025/12/21 3:20 a.m. | 12 views

CVE-2025-13361

CVE-2025-13361: The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) up to version 1.0.0 due to missing nonce validation on the custom field deletion function. This enables unauthenticated attackers to delete custom fields by tricking a site administra...

CVSS 4.3 | AI score 5 | EPSS 0.00129
Exploits: 0 | References: 4

Cvelist
added 2025/12/21 3:20 a.m. | 17 views

CVE-2025-13361 Web to SugarCRM Lead <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS 4.3 | EPSS 0.00129
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/21 12:0 a.m. | 6 views

PT-2025-52581

Name of the Vulnerable Software and Affected Versions: Web to SugarCRM Lead plugin for WordPress versions up to and including 1.0.0. Description: The Web to SugarCRM Lead plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation when deletin...

CVSS 4.3 | AI score 6.1 | EPSS 0.00129
Exploits: 0 | References: 9

CNNVD
added 2025/12/21 12:0 a.m. | 3 views

WordPress plugin Web to SugarCRM Lead cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 4.3 | AI score 6.5 | EPSS 0.00129
Exploits: 0 | References: 5

GithubExploit
added 2025/11/21 12:54 p.m. | 136 views

Exploit for CVE-2024-58258

CVE‑2024‑58258 – SugarCRM SSRF & Local File Disclosure Abo...

CVSS 7.2 | AI score 7 | EPSS 0.13248
Exploits: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2004-1223

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01212
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2011-3760

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01229
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-7712

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.01353
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-7731

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.01163
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-23987

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00562
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-9326

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00817
Exploits: 2 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-7705

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.01123
Exploits: 0 | References: 2