Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sugarcrm vulnerabilities and exploits
(subscribe to this query)
645
VMScore
CVE-2006-2460
Sugar Suite Open Source (SugarCRM) 4.2 and previous versions, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote malicious users to conduct attacks such as directory traversal or PHP remote ...
Sugarcrm Sugarcrm 3.5
Sugarcrm Sugarcrm 4.0
Sugarcrm Sugarcrm 4.1
Sugarcrm Sugarcrm 4.2
1 EDB exploit
NA
CVE-2023-46815
An issue exists in SugarCRM 12 prior to 12.0.4 and 13 prior to 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attac...
Sugarcrm Sugarcrm 13.0.0
Sugarcrm Sugarcrm 13.0.1
Sugarcrm Sugarcrm
NA
CVE-2023-46816
An issue exists in SugarCRM 12 prior to 12.0.4 and 13 prior to 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing inpu...
Sugarcrm Sugarcrm 13.0.0
Sugarcrm Sugarcrm 13.0.1
Sugarcrm Sugarcrm
505
VMScore
CVE-2008-2045
Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote malicious users to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds ...
Sugarcrm Sugarcrm 4.5.1
Sugarcrm Sugarcrm 5.0.0
1 EDB exploit
668
VMScore
CVE-2006-5082
Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) prior to 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors.
Sugarcrm Sugar Suite 4.1
Sugarcrm Sugar Suite 4.2
Sugarcrm Sugar Suite 4.2.1
Sugarcrm Sugar Suite 4.0.1
Sugarcrm Sugar Suite 4.0 Beta
Sugarcrm Sugar Suite 3.5
Sugarcrm Sugar Suite 3.5.1
NA
CVE-2023-22952
In SugarCRM prior to 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
Sugarcrm Sugarcrm
1 Metasploit module
1 Github repository
NA
CVE-2023-35808
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing ...
Sugarcrm Sugarcrm
NA
CVE-2023-35809
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular us...
Sugarcrm Sugarcrm
NA
CVE-2023-35810
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module becau...
Sugarcrm Sugarcrm
NA
CVE-2023-35811
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privi...
Sugarcrm Sugarcrm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »