Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user. Remediation References CVE-2019-17308 Related Vulnerabilities WordPress Plugin MW WP Form Cross-Site Scripting (2.10.0) Oracle Database Server Other Vulnerability (CVE-2005-3438) PostgreSQL Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1115) Oracle Application Server CVE-2006-0291 Vulnerability (CVE-2006-0291) WordPress Plugin Site Import Remote File Inclusion (1.0.1) Severity High Classification CVE-2019-17308 CWE-94 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities