Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.

Remediation

References

CVE-2019-17299

Related Vulnerabilities

WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Cross-Site Scripting (2.2.4)

WordPress 4.6.x PHP Object Injection (4.6 - 4.6.20)

MySQL CVE-2020-2774 Vulnerability (CVE-2020-2774)

CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-18288)

WordPress Plugin Business Hours Pro Arbitrary File Upload (5.5.0)

Severity

High

Classification

CVE-2019-17299 CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities