WEB APPLICATION VULNERABILITIES Standard & Premium

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17299)

Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.

Remediation

References

Related Vulnerabilities

easyXDM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27739)

MySQL CVE-2013-5793 Vulnerability (CVE-2013-5793)

WordPress Plugin Giveaway SQL Injection (1.2.2)

Oracle JRE CVE-2022-21426 Vulnerability (CVE-2022-21426)

MySQL CVE-2021-2339 Vulnerability (CVE-2021-2339)

Severity

High

Classification

CVE-2019-17299 CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities