Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user.
Remediation
References
Related Vulnerabilities
WordPress Plugin YARPP-Yet Another Related Posts PHP Object Injection (4.4)
PostgreSQL Improper Input Validation Vulnerability (CVE-2019-10211)
Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3518)
WebLogic CVE-2018-11039 Vulnerability (CVE-2018-11039)
WordPress Plugin WordPress Backup and Migrate-Backup Guard Cross-Site Request Forgery (1.1.90)