Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17309) CVE-2019-17309 CWE-94 CWE-94 High SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17310) CVE-2019-17310 CWE-94 CWE-94 High SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46816) CVE-2023-46816 CWE-94 CWE-94 High SugarCRM Improper Input Validation Vulnerability (CVE-2011-0745) CVE-2011-0745 CWE-20 CWE-20 Medium SugarCRM Improper Input Validation Vulnerability (CVE-2012-0694) CVE-2012-0694 CWE-20 CWE-20 Critical SugarCRM Improper Input Validation Vulnerability (CVE-2017-14509) CVE-2017-14509 CWE-20 CWE-20 High SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2045) CVE-2008-2045 CWE-22 CWE-22 Medium SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17311) CVE-2019-17311 CWE-22 CWE-22 High SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17312) CVE-2019-17312 CWE-22 CWE-22 High SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17313) CVE-2019-17313 CWE-22 CWE-22 High SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17314) CVE-2019-17314 CWE-22 CWE-22 High SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17315) CVE-2019-17315 CWE-915 CWE-915 High SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17316) CVE-2019-17316 CWE-915 CWE-915 High SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17317) CVE-2019-17317 CWE-915 CWE-915 High SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0465) CVE-2010-0465 CWE-707 CWE-707 Medium SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14510) CVE-2017-14510 CWE-707 CWE-707 Medium SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5715) CVE-2018-5715 CWE-707 CWE-707 Medium SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17784) CVE-2018-17784 CWE-707 CWE-707 Medium SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14974) CVE-2019-14974 CWE-707 CWE-707 Medium SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17372) CVE-2020-17372 CWE-707 CWE-707 Medium SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-28955) CVE-2020-28955 CWE-707 CWE-707 Medium SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-28956) CVE-2020-28956 CWE-707 CWE-707 Medium SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36501) CVE-2020-36501 CWE-707 CWE-707 Medium SugarCRM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-35810) CVE-2023-35810 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2978) CVE-2009-2978 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4833) CVE-2011-4833 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14508) CVE-2017-14508 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6308) CVE-2018-6308 CWE-138 CWE-138 Critical SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17292) CVE-2019-17292 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17293) CVE-2019-17293 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17294) CVE-2019-17294 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17295) CVE-2019-17295 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17296) CVE-2019-17296 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17297) CVE-2019-17297 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17298) CVE-2019-17298 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17318) CVE-2019-17318 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17319) CVE-2019-17319 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-17373) CVE-2020-17373 CWE-138 CWE-138 Medium SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-35811) CVE-2023-35811 CWE-138 CWE-138 High SugarCRM Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3244) CVE-2014-3244 CWE-611 CWE-611 Critical SugarCRM Incomplete List of Disallowed Inputs Vulnerability (CVE-2015-5946) CVE-2015-5946 CWE-184 CWE-184 High SugarCRM Missing Authorization Vulnerability (CVE-2020-7472) CVE-2020-7472 CWE-862 CWE-862 Critical SugarCRM Other Vulnerability (CVE-2004-1225) CVE-2004-1225 Critical SugarCRM Other Vulnerability (CVE-2005-0266) CVE-2005-0266 Medium SugarCRM Other Vulnerability (CVE-2006-2460) CVE-2006-2460 Medium SugarCRM Other Vulnerability (CVE-2006-6712) CVE-2006-6712 Medium SugarCRM Other Vulnerability (CVE-2009-2146) CVE-2009-2146 Medium SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-35808) CVE-2023-35808 CWE-434 CWE-434 High SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-46815) CVE-2023-46815 CWE-434 CWE-434 High SuiteCRM SQL Injection (CVE-2024-36412) CVE-2024-36412 CWE-89 CWE-89 Critical SVN Detected CWE-538 CWE-538 High Swagger UI DOM XSS vulnerability CWE-80 CWE-80 High Swagger UI Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-5682) CVE-2016-5682 CWE-707 CWE-707 Medium Symfony databases.yml configuration file CWE-538 CWE-538 High Symfony debug mode enabled CWE-200 CWE-200 Low Symfony debug mode enabled (AcuSensor) CWE-16 CWE-16 Medium Symfony ESI (Edge-Side Includes) enabled CWE-16 CWE-16 Low Symfony Profiler open CWE-200 CWE-200 Medium Symfony RCE via weak/predictable APP_SECRET CWE-94 CWE-94 High Symfony running in dev mode CWE-16 CWE-16 Medium Symfony weak application secret CWE-94 CWE-94 High Symfony web debug toolbar CWE-489 CWE-489 Medium SysAid On-Premise RCE (CVE-2023-47246) CVE-2023-47246 CWE-22 CWE-22 Critical TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3806) CVE-2011-3806 CWE-200 CWE-200 Medium TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-5743) CVE-2020-5743 CWE-200 CWE-200 Medium TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20114) CVE-2021-20114 CWE-200 CWE-200 High TCExam Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-5744) CVE-2020-5744 CWE-22 CWE-22 Medium TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4238) CVE-2012-4238 CWE-707 CWE-707 Low TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4602) CVE-2012-4602 CWE-707 CWE-707 Medium TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13422) CVE-2018-13422 CWE-707 CWE-707 Medium TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5745) CVE-2020-5745 CWE-707 CWE-707 High TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5746) CVE-2020-5746 CWE-707 CWE-707 Medium TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5747) CVE-2020-5747 CWE-707 CWE-707 Medium TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5748) CVE-2020-5748 CWE-707 CWE-707 Medium TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5749) CVE-2020-5749 CWE-707 CWE-707 Medium 1...171172173174...306 172 / 306
