Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user.
Remediation
References
Related Vulnerabilities
OpenSSL Resource Management Errors Vulnerability (CVE-2011-4109)
Apache HTTP Server Improper Authentication Vulnerability (CVE-2018-1312)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2015-1399)
WordPress Plugin wp Dreamwork Gallery 'upload.php' Arbitrary File Upload (2.1)