Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user. Remediation References CVE-2019-17300 Related Vulnerabilities WordPress Plugin Best Seo Remote Code Execution (1.5) WordPress Plugin Google Drive for WordPress Arbitrary File Deletion (2.2) Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-3267) MySQL CVE-2016-5439 Vulnerability (CVE-2016-5439) WordPress 4.1.x Same Origin Method Execution (SOME) Vulnerability (4.1 - 4.1.10) Severity High Classification CVE-2019-17300 CWE-94 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities