Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user.

Remediation

References
CVE-2019-17303

Related Vulnerabilities
Ruby Double Free Vulnerability (CVE-2022-28738)
Drupal Improper Input Validation Vulnerability (CVE-2022-25271)
WordPress Plugin Gwolle Guestbook Cross-Site Scripting (2.5.3)
ownCloud CVE-2013-7344 Vulnerability (CVE-2013-7344)
WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Cross-Site Request Forgery (4.0.6)

Severity
High

Classification
CVE-2019-17303
CWE-94
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags
Missing Update
Known Vulnerabilities