Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sugarcrm vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-17303
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user.
Sugarcrm Sugarcrm
6.5
CVSSv2
CVE-2019-17305
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user.
Sugarcrm Sugarcrm
6.5
CVSSv2
CVE-2019-17307
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows PHP code injection in the Tracker module by an Admin user.
Sugarcrm Sugarcrm
6.5
CVSSv2
CVE-2019-17313
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows directory traversal in the Studio module by a Developer user.
Sugarcrm Sugarcrm
6.5
CVSSv2
CVE-2019-17317
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.
Sugarcrm Sugarcrm
5
CVSSv2
CVE-2004-1226
SugarCRM Sugar Sales 2.0.1c and previous versions allows remote malicious users to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.
Sugarcrm Sugarcrm
3.5
CVSSv2
CVE-2020-28955
SugarCRM v6.5.18 exists to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.
Sugarcrm Sugarcrm 6.5.18
3.5
CVSSv2
CVE-2020-28956
Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows malicious users to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
Sugarcrm Sugarcrm 6.5.18
5
CVSSv2
CVE-2011-3803
SugarCRM 6.1.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Sugarcrm Sugarcrm 6.1.0
4.3
CVSSv2
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
Sugarcrm Sugarcrm 3.5.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »