Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user.

Remediation

References
CVE-2019-17307

Related Vulnerabilities
WordPress Plugin Search Exclude Security Bypass (1.2.2)
WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5741)
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.6)
WordPress Plugin Flickrpress PHP Object Injection (1.0.2)

Severity
High

Classification
CVE-2019-17307
CWE-94
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags
Missing Update
Known Vulnerabilities