Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user.
Remediation
References
Related Vulnerabilities
Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-17898)
WordPress Plugin Mass Delete Taxonomies Cross-Site Request Forgery (3.0.0)
WordPress Plugin HyperComments Arbitrary File Deletion (1.2.2)
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-31210)