Sugarcrm Security Vulnerabilities and Issues — Page 2 of Sugarcrm CVE List

Lucene search

SugarcrmSugarcrm

64 matches found

CVE•added 2021/10/22 8:15 p.m.•30 views

CVE-2020-28955

SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.

5.4CVSS5.3AI score0.00206EPSS

CVE•added 2023/06/17 10:15 p.m.•30 views

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing i...

7.2CVSS7.2AI score0.00243EPSS

CVE•added 2008/05/01 7:5 p.m.•29 views

CVE-2008-2045

Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory.

5CVSS6.6AI score0.09856EPSS

CVE•added 2019/10/07 4:15 p.m.•29 views

CVE-2019-17301

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user.

7.2CVSS7.2AI score0.00525EPSS

CVE•added 2019/10/07 4:15 p.m.•29 views

CVE-2019-17314

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.

7.2CVSS7AI score0.006EPSS

CVE•added 2019/10/07 3:15 p.m.•29 views

CVE-2019-17317

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.

7.2CVSS7.2AI score0.00826EPSS

CVE•added 2019/10/07 3:15 p.m.•29 views

CVE-2019-17318

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.

8.8CVSS9AI score0.00371EPSS

CVE•added 2020/08/12 1:15 p.m.•29 views

CVE-2020-17373

SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.

5.3CVSS5.7AI score0.01166EPSS

CVE•added 2019/10/07 4:15 p.m.•28 views

CVE-2019-17293

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.

8.8CVSS9AI score0.00371EPSS

CVE•added 2019/10/07 3:15 p.m.•28 views

CVE-2019-17315

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.

7.2CVSS7.2AI score0.00935EPSS

CVE•added 2019/10/07 3:15 p.m.•27 views

CVE-2019-17319

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user.

8.8CVSS9AI score0.00371EPSS

CVE•added 2023/06/17 10:15 p.m.•26 views

CVE-2023-35811

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use u...

8.8CVSS9AI score0.00231EPSS

CVE•added 2019/10/07 4:15 p.m.•25 views

CVE-2019-17310

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user.

7.2CVSS7.2AI score0.00594EPSS

CVE•added 2025/07/13 10:15 p.m.•9 views

CVE-2024-58258

SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.

7.2CVSS7.6AI score0.01215EPSS

Web

Total number of security vulnerabilities64