Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user.
Remediation
References
Related Vulnerabilities
Moodle Incorrect Authorization Vulnerability (CVE-2021-20283)
WordPress Plugin Contact Form Integrated With Google Maps Cross-Site Scripting (2.4)
WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.6.9.1)
ATutor Incorrect Authorization Vulnerability (CVE-2019-16114)
WordPress Plugin WP eCommerce 'wpsc-transaction_results_functions.php' SQL Injection (3.8.7.5)