Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user.

Remediation

References

CVE-2019-17305

Related Vulnerabilities

TYPO3 Improper Input Validation Vulnerability (CVE-2019-11832)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2531)

Joomla! Core 1.6.x Multiple Cross-Site Scripting Vulnerabilities (1.6.0 - 1.6.3)

WordPress Plugin WPtouch Cross-Site Scripting (4.3.42)

MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4624)

Severity

High

Classification

CVE-2019-17305 CWE-94 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities