sugarcrm sugarcrm vulnerabilities and exploits
1000
VMScore
CVE-2004-1225
SQL injection vulnerability in SugarCRM Sugar Sales prior to 2.0.1a allows remote malicious users to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.
Sugarcrm Sugarcrm 1.0g
Sugarcrm Sugarcrm 1.1
Sugarcrm Sugarcrm 1.5d
Sugarcrm Sugarcrm 2.0.1
Sugarcrm Sugarcrm 1.0
Sugarcrm Sugarcrm 1.0f
Sugarcrm Sugarcrm 1.1e
Sugarcrm Sugarcrm 1.1f
Sugarcrm Sugarcrm 1.1c
Sugarcrm Sugarcrm 1.1d
Sugarcrm Sugarcrm 1.1a
Sugarcrm Sugarcrm 1.1b
Sugarcrm Sugarcrm 2.0.1a
1 EDB exploit
1000
VMScore
CVE-2004-1227
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and previous versions allows remote malicious users to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4)...
Sugarcrm Sugar Sales
1 EDB exploit
760
VMScore
CVE-2012-0694
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user-controlled input, which allows remote malicious users to execute arbitrary PHP code.
Sugarcrm Sugarcrm
2 EDB exploits
760
VMScore
CVE-2005-4087
PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the beanFiles array parameter.
Sugarcrm Sugar Suite 3.5
Sugarcrm Sugar Suite 4.0 Beta
2 EDB exploits
755
VMScore
CVE-2011-4833
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 prior to 6.1.7, 6.2 prior to 6.2.4, 6.3 prior to 6.3.0RC3, and 6.4 prior to 6.4.0beta1 allow remote malicious users to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_ful...
Sugarcrm Sugarcrm 6.2.1
Sugarcrm Sugarcrm 6.2.2
Sugarcrm Sugarcrm 6.1.3
Sugarcrm Sugarcrm 6.1.4
Sugarcrm Sugarcrm 6.3.0
Sugarcrm Sugarcrm 6.1.0
Sugarcrm Sugarcrm 6.4
Sugarcrm Sugarcrm 6.2.3
Sugarcrm Sugarcrm 6.1.5
Sugarcrm Sugarcrm 6.1.6
Sugarcrm Sugarcrm 6.2.0
Sugarcrm Sugarcrm 6.1.1
Sugarcrm Sugarcrm 6.1.2
1 EDB exploit
668
VMScore
CVE-2020-7472
An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM prior to 8.0, 8.0 prior to 8.0.7, 9.0 prior to 9.0.4, and 10.0 prior to 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via cr...
Sugarcrm Sugarcrm
668
VMScore
CVE-2014-3244
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM prior to 6.5.17 allows remote malicious users to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Sugarcrm Sugarcrm
668
VMScore
CVE-2018-6308
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, t...
Sugarcrm Sugarcrm 6.5.26
668
VMScore
CVE-2009-2978
SQL injection vulnerability in SugarCRM 4.5.1o and previous versions, 5.0.0k and previous versions, and 5.2.0g and previous versions, allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Sugarcrm Sugarcrm 1.0
Sugarcrm Sugarcrm 1.0f
Sugarcrm Sugarcrm 1.1e
Sugarcrm Sugarcrm 1.1f
Sugarcrm Sugarcrm 3.5.1
Sugarcrm Sugarcrm 4.0
Sugarcrm Sugarcrm
Sugarcrm Sugarcrm 5.2a
Sugarcrm Sugarcrm 5.2f
Sugarcrm Sugarcrm 1.1c
Sugarcrm Sugarcrm 1.1d
Sugarcrm Sugarcrm 3.0.1
Sugarcrm Sugarcrm 3.5
Sugarcrm Sugarcrm 4.5.0f
Sugarcrm Sugarcrm 4.5.1
Sugarcrm Sugarcrm 5.2d
Sugarcrm Sugarcrm 5.2c
Sugarcrm Sugarcrm 1.0g
Sugarcrm Sugarcrm 1.1
Sugarcrm Sugarcrm 1.5d
Sugarcrm Sugarcrm 2.0.1
Sugarcrm Sugarcrm 4.0.1
668
VMScore
CVE-2006-5082
Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) prior to 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors.
Sugarcrm Sugar Suite 4.1
Sugarcrm Sugar Suite 4.2
Sugarcrm Sugar Suite 4.2.1
Sugarcrm Sugar Suite 4.0.1
Sugarcrm Sugar Suite 4.0 Beta
Sugarcrm Sugar Suite 3.5
Sugarcrm Sugar Suite 3.5.1