Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sugarcrm sugarcrm vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-28956
Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows malicious users to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
Sugarcrm Sugarcrm 6.5.18
5
CVSSv2
CVE-2011-3803
SugarCRM 6.1.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Sugarcrm Sugarcrm 6.1.0
4.6
CVSSv2
CVE-2015-5946
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
Sugarcrm Sugarcrm 6.5.22
3.5
CVSSv2
CVE-2020-28955
SugarCRM v6.5.18 exists to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.
Sugarcrm Sugarcrm 6.5.18
5
CVSSv2
CVE-2005-4086
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and previous versions allows remote malicious users to include arbitrary local files via ".." sequences in the beanFiles array paramete...
Sugarcrm Sugar Suite 3.5
Sugarcrm Sugar Suite 4.0 Beta
2 EDB exploits
7.5
CVSSv2
CVE-2005-4087
PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the beanFiles array parameter.
Sugarcrm Sugar Suite 3.5
Sugarcrm Sugar Suite 4.0 Beta
2 EDB exploits
10
CVSSv2
CVE-2004-1227
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and previous versions allows remote malicious users to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4)...
Sugarcrm Sugar Sales
1 EDB exploit
6.4
CVSSv2
CVE-2004-1228
The install scripts in SugarCRM Sugar Sales 2.0.1c and previous versions are not removed after installation, which allows malicious users to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database setti...
Sugarcrm Sugar Sales
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7