Vulmon
sugarcrm sugarcrm vulnerabilities and exploits
7.2
CVSSv3
CVE-2019-17314
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows directory traversal in the Configurator module by an Admin user.
Sugarcrm Sugarcrm
7.2
CVSSv3
CVE-2019-17315
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows PHP object injection in the Administration module by an Admin user.
Sugarcrm Sugarcrm
7.2
CVSSv3
CVE-2019-17317
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.
Sugarcrm Sugarcrm
8.8
CVSSv3
CVE-2019-17318
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.
Sugarcrm Sugarcrm
8.8
CVSSv3
CVE-2019-17319
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows SQL injection in the Emails module by a Regular user.
Sugarcrm Sugarcrm
NA
CVE-2006-6712
Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.
Sugarcrm Sugarcrm
5.4
CVSSv3
CVE-2020-36501
Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allow malicious users to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
Sugarcrm Sugarcrm 6.5.18
9.8
CVSSv3
CVE-2018-6308
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, t...
Sugarcrm Sugarcrm 6.5.26
NA
CVE-2011-3803
SugarCRM 6.1.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Sugarcrm Sugarcrm 6.1.0
6.1
CVSSv3
CVE-2019-14974
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
Sugarcrm Sugarcrm 9.0.0
1 EDB exploit