19 matches found
EUVD-2023-39803
Malicious code in bioql PyPI...
CVE-2023-35810
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...
CVE-2023-35811
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use...
CVE-2019-14974
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktopurl= XSS...
CVE-2023-35808
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...
Sql injection
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use...
SugarCRM Enterprise 代码问题漏洞
SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...
SugarCRM Enterprise SQL注入漏洞
SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...
PT-2023-25325 · Sugarcrm · Sugarcrm Enterprise
Name of the Vulnerable Software and Affected Versions: SugarCRM Enterprise versions prior to 11.0.6 SugarCRM Enterprise versions 12.x prior to 12.0.3 Description: An Unrestricted File Upload issue has been identified in the Notes module due to missing input validation. This allows custom PHP code...
PT-2023-25328 · Sugarcrm +1 · Sugarcrm Enterprise +1
Name of the Vulnerable Software and Affected Versions: SugarCRM Enterprise versions prior to 11.0.6 SugarCRM Enterprise versions 12.x prior to 12.0.3 Description: A Second-Order PHP Object Injection issue has been identified in the DocuSign module. This occurs due to missing input validation,...
SugarCRM Enterprise 安全漏洞
SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...
CVE-2023-35811
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use...
CVE-2023-35809
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...
SugarCRM Enterprise 注入漏洞
SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...
CVE-2023-35810
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...
SugarCRM Enterprise Cross-Site Scripting Vulnerability
SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and information sharing and tracking of sales...
CVE-2019-14974
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktopurl= XSS...
Cross site scripting
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktopurl= XSS...
CVE-2019-14974
CVE-2019-14974 : SugarCRM Enterprise 9.0.0 has a cross-site scripting (XSS) vulnerability exploitable via the path mobile/error-not-supported-platform.html?desktop_url. The Nuclei template confirms the issue and describes impact as arbitrary JavaScript execution in the victim’s browser, enabling ...