Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-0367)
Oracle HTTP Server Improper Certificate Validation Vulnerability (CVE-2020-26184)
MySQL CVE-2018-3182 Vulnerability (CVE-2018-3182)
WordPress 'admin-ajax.php' SQL Injection Vulnerability (2.1.3)
WordPress Plugin myCred-Points, Rewards, Gamification, Ranks, Badges & Loyalty SQL Injection (2.2)