Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sugarcrm sugarcrm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-35810
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module becau...
Sugarcrm Sugarcrm
NA
CVE-2023-35811
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privi...
Sugarcrm Sugarcrm
7.5
CVSSv2
CVE-2012-0694
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote malicious users to execute arbitrary PHP code.
Sugarcrm Sugarcrm
2 EDB exploits
6.8
CVSSv2
CVE-2006-6712
Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.
Sugarcrm Sugarcrm
7.5
CVSSv2
CVE-2020-7472
An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM prior to 8.0, 8.0 prior to 8.0.7, 9.0 prior to 9.0.4, and 10.0 prior to 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via cr...
Sugarcrm Sugarcrm
3.5
CVSSv2
CVE-2020-17373
SugarCRM prior to 10.1.0 (Q3 2020) allows SQL Injection.
Sugarcrm Sugarcrm
4.3
CVSSv2
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
Sugarcrm Sugarcrm 3.5.1
1 EDB exploit
7.5
CVSSv2
CVE-2018-6308
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, t...
Sugarcrm Sugarcrm 6.5.26
4.3
CVSSv2
CVE-2019-14974
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
Sugarcrm Sugarcrm 9.0.0
1 EDB exploit
3.5
CVSSv2
CVE-2020-36501
Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows malicious users to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
Sugarcrm Sugarcrm 6.5.18
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »