Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sugarcrm vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-36501
Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows malicious users to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
Sugarcrm Sugarcrm 6.5.18
5
CVSSv2
CVE-2011-3803
SugarCRM 6.1.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Sugarcrm Sugarcrm 6.1.0
4.3
CVSSv2
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
Sugarcrm Sugarcrm 3.5.1
1 EDB exploit
4.3
CVSSv2
CVE-2019-14974
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
Sugarcrm Sugarcrm 9.0.0
1 EDB exploit
5
CVSSv2
CVE-2005-4086
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and previous versions allows remote malicious users to include arbitrary local files via ".." sequences in the beanFiles array paramete...
Sugarcrm Sugar Suite 3.5
Sugarcrm Sugar Suite 4.0 Beta
2 EDB exploits
7.5
CVSSv2
CVE-2005-4087
PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the beanFiles array parameter.
Sugarcrm Sugar Suite 3.5
Sugarcrm Sugar Suite 4.0 Beta
2 EDB exploits
10
CVSSv2
CVE-2004-1227
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and previous versions allows remote malicious users to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4)...
Sugarcrm Sugar Sales
1 EDB exploit
6.4
CVSSv2
CVE-2004-1228
The install scripts in SugarCRM Sugar Sales 2.0.1c and previous versions are not removed after installation, which allows malicious users to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database setti...
Sugarcrm Sugar Sales
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7