Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user.

Remediation

References

CVE-2019-17303

Related Vulnerabilities

WordPress Plugin CM Tooltip Glossary-Better SEO and UEX for your WP site Cross-Site Scripting (3.3.4)

Oracle Database Server Cryptographic Issues Vulnerability (CVE-2006-0270)

Moodle Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2024-48896)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9837)

WordPress Plugin DSGVO All in one for WP Cross-Site Scripting (4.1)

Severity

High

Classification

CVE-2019-17303 CWE-94 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities