Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sugarcrm vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-17306
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows PHP code injection in the Configurator module by an Admin user.
Sugarcrm Sugarcrm
578
VMScore
CVE-2019-17311
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows directory traversal in the attachment function by a Regular user.
Sugarcrm Sugarcrm
578
VMScore
CVE-2019-17312
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows directory traversal in the file function by a Regular user.
Sugarcrm Sugarcrm
578
VMScore
CVE-2019-17314
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows directory traversal in the Configurator module by an Admin user.
Sugarcrm Sugarcrm
NA
CVE-2023-35808
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing ...
Sugarcrm Sugarcrm
NA
CVE-2023-35811
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privi...
Sugarcrm Sugarcrm
578
VMScore
CVE-2019-17292
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.
Sugarcrm Sugarcrm
578
VMScore
CVE-2019-17294
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows SQL injection in the export function by a Regular user.
Sugarcrm Sugarcrm
578
VMScore
CVE-2019-17298
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows SQL injection in the Administration module by a Developer user.
Sugarcrm Sugarcrm
578
VMScore
CVE-2019-17301
SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user.
Sugarcrm Sugarcrm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »