WEB APPLICATION VULNERABILITIES Standard & Premium

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17306)

Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user.

Remediation

References

Related Vulnerabilities

Moodle Improper Input Validation Vulnerability (CVE-2006-4936)

WordPress Plugin WPtouch Cross-Site Scripting (4.3.42)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'xml/media-rss.php' Cross-Site Scripting (1.5.1)

WordPress Plugin Shopping Cart & eCommerce Store Unspecified Vulnerability (3.1.9)

WordPress Plugin Pardakht Delkhah Cross-Site Scripting (2.9.2)

Severity

High

Classification

CVE-2019-17306 CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities