Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sugarcrm sugarcrm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-2460
Sugar Suite Open Source (SugarCRM) 4.2 and previous versions, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote malicious users to conduct attacks such as directory traversal or PHP remote ...
Sugarcrm Sugarcrm 3.5
Sugarcrm Sugarcrm 4.0
Sugarcrm Sugarcrm 4.1
Sugarcrm Sugarcrm 4.2
1 EDB exploit
8.8
CVSSv3
CVE-2023-46815
An issue exists in SugarCRM 12 prior to 12.0.4 and 13 prior to 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attac...
Sugarcrm Sugarcrm 13.0.0
Sugarcrm Sugarcrm 13.0.1
Sugarcrm Sugarcrm
8.8
CVSSv3
CVE-2023-46816
An issue exists in SugarCRM 12 prior to 12.0.4 and 13 prior to 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing inpu...
Sugarcrm Sugarcrm 13.0.0
Sugarcrm Sugarcrm 13.0.1
Sugarcrm Sugarcrm
NA
CVE-2008-2045
Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote malicious users to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds ...
Sugarcrm Sugarcrm 4.5.1
Sugarcrm Sugarcrm 5.0.0
1 EDB exploit
NA
CVE-2006-5082
Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) prior to 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors.
Sugarcrm Sugar Suite 4.1
Sugarcrm Sugar Suite 4.2
Sugarcrm Sugar Suite 4.2.1
Sugarcrm Sugar Suite 4.0.1
Sugarcrm Sugar Suite 4.0 Beta
Sugarcrm Sugar Suite 3.5
Sugarcrm Sugar Suite 3.5.1
9.8
CVSSv3
CVE-2020-7472
An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM prior to 8.0, 8.0 prior to 8.0.7, 9.0 prior to 9.0.4, and 10.0 prior to 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via cr...
Sugarcrm Sugarcrm
8.8
CVSSv3
CVE-2019-17308
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows PHP code injection in the Emails module by a Regular user.
Sugarcrm Sugarcrm
NA
CVE-2004-1226
SugarCRM Sugar Sales 2.0.1c and previous versions allows remote malicious users to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.
Sugarcrm Sugarcrm
8.8
CVSSv3
CVE-2023-22952
In SugarCRM prior to 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
Sugarcrm Sugarcrm
1 Metasploit module
1 Github repository
6.1
CVSSv3
CVE-2018-17784
Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack on a targeted system.
Sugarcrm Sugarcrm
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »