Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Cross-Site Scripting (2.2.4)
WordPress 4.6.x PHP Object Injection (4.6 - 4.6.20)
MySQL CVE-2020-2774 Vulnerability (CVE-2020-2774)
CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-18288)
WordPress Plugin Business Hours Pro Arbitrary File Upload (5.5.0)