Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17306)

Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP Smiley Multiple Vulnerabilities (1.4.1)

Oracle Database Server CVE-2008-0341 Vulnerability (CVE-2008-0341)

Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-34187)

Jenkins Missing Authorization Vulnerability (CVE-2019-10354)

WordPress 3.7.1 Multiple Vulnerabilities (3.7 - 3.7.1)

Severity

High

Classification

CVE-2019-17306 CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities