sugarcrm sugarcrm vulnerabilities and exploits
5.3
CVSSv3
CVE-2020-17373
SugarCRM prior to 10.1.0 (Q3 2020) allows SQL Injection.
Sugarcrm Sugarcrm
NA
CVE-2011-4833
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 prior to 6.1.7, 6.2 prior to 6.2.4, 6.3 prior to 6.3.0RC3, and 6.4 prior to 6.4.0beta1 allow remote malicious users to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_ful...
Sugarcrm Sugarcrm 6.2.3
Sugarcrm Sugarcrm 6.2.2
Sugarcrm Sugarcrm 6.1.3
Sugarcrm Sugarcrm 6.1.4
Sugarcrm Sugarcrm 6.1.0
Sugarcrm Sugarcrm 6.1.1
Sugarcrm Sugarcrm 6.3.0
Sugarcrm Sugarcrm 6.1.2
Sugarcrm Sugarcrm 6.2.0
Sugarcrm Sugarcrm 6.1.6
Sugarcrm Sugarcrm 6.1.5
Sugarcrm Sugarcrm 6.4
Sugarcrm Sugarcrm 6.2.1
1 EDB exploit
NA
CVE-2011-3803
SugarCRM 6.1.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Sugarcrm Sugarcrm 6.1.0
NA
CVE-2011-0745
SugarCRM prior to 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable thro...
Sugarcrm Sugarcrm 5.5.2
Sugarcrm Sugarcrm 1.5d
Sugarcrm Sugarcrm 5.0.0
Sugarcrm Sugarcrm 4.2.1
Sugarcrm Sugarcrm 5.5.4
Sugarcrm Sugarcrm 4.5.0f
Sugarcrm Sugarcrm 1.1a
Sugarcrm Sugarcrm 4.0
Sugarcrm Sugarcrm 5.2g
Sugarcrm Sugarcrm 5.1c
Sugarcrm Sugarcrm 5.2d
Sugarcrm Sugarcrm 3.5.1
Sugarcrm Sugarcrm 1.1b
Sugarcrm Sugarcrm 4.0.1
Sugarcrm Sugarcrm 5.1.0
Sugarcrm Sugarcrm 5.5
Sugarcrm Sugarcrm 4.1
Sugarcrm Sugarcrm 1.0g
Sugarcrm Sugarcrm 6.1.0
Sugarcrm Sugarcrm 5.5.1
Sugarcrm Sugarcrm 6.0
Sugarcrm Sugarcrm 4.5.1
1 EDB exploit
NA
CVE-2010-0465
Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x prior to 5.2.0l and 5.5.x prior to 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.
Sugarcrm Sugarcrm 5.2g
Sugarcrm Sugarcrm 5.2d
Sugarcrm Sugarcrm 5.5
Sugarcrm Sugarcrm 5.2a
Sugarcrm Sugarcrm 5.2f
Sugarcrm Sugarcrm 5.2c
Sugarcrm Sugarcrm 5.2h
Sugarcrm Sugarcrm 5.2.0g
Sugarcrm Sugarcrm 5.2e
Sugarcrm Sugarcrm 5.5.0
NA
CVE-2009-2978
SQL injection vulnerability in SugarCRM 4.5.1o and previous versions, 5.0.0k and previous versions, and 5.2.0g and previous versions, allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Sugarcrm Sugarcrm 1.5d
Sugarcrm Sugarcrm 5.0.0
Sugarcrm Sugarcrm 4.2.1
Sugarcrm Sugarcrm 4.5.0f
Sugarcrm Sugarcrm 1.1a
Sugarcrm Sugarcrm 4.0
Sugarcrm Sugarcrm 5.2d
Sugarcrm Sugarcrm 3.5.1
Sugarcrm Sugarcrm 1.1b
Sugarcrm Sugarcrm 4.0.1
Sugarcrm Sugarcrm 4.1
Sugarcrm Sugarcrm 1.0g
Sugarcrm Sugarcrm 4.5.1
Sugarcrm Sugarcrm 4.5.0
Sugarcrm Sugarcrm
Sugarcrm Sugarcrm 5.2a
Sugarcrm Sugarcrm 2.0.1c
Sugarcrm Sugarcrm 1.1e
Sugarcrm Sugarcrm 2.0.1
Sugarcrm Sugarcrm 5.2f
Sugarcrm Sugarcrm 3.5
Sugarcrm Sugarcrm 5.2c
NA
CVE-2009-2146
Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) prior to 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the ...
Sugarcrm Sugarcrm 5.0.0
Sugarcrm Sugarcrm 5.1c
Sugarcrm Sugarcrm 5.1.0
Sugarcrm Sugarcrm
Sugarcrm Sugarcrm 5.2d
Sugarcrm Sugarcrm 5.1.0-beta
Sugarcrm Sugarcrm 5.2c
Sugarcrm Sugarcrm 5.0.0k
Sugarcrm Sugarcrm 5.0.0h
1 EDB exploit
NA
CVE-2008-2045
Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote malicious users to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds ...
Sugarcrm Sugarcrm 5.0.0
Sugarcrm Sugarcrm 4.5.1
1 EDB exploit
NA
CVE-2006-6712
Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.
Sugarcrm Sugarcrm
NA
CVE-2006-5082
Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) prior to 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors.
Sugarcrm Sugar Suite 3.5
Sugarcrm Sugar Suite 4.2
Sugarcrm Sugar Suite 3.5.1
Sugarcrm Sugar Suite 4.0.1
Sugarcrm Sugar Suite 4.2.1
Sugarcrm Sugar Suite 4.1
Sugarcrm Sugar Suite 4.0 Beta