Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user. Remediation References CVE-2019-17309 Related Vulnerabilities Joomla! Core Information Disclosure (1.5.0 - 3.7.5) WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Cross-Site Scripting (3.2.6) WordPress Plugin Circles Gallery Cross-Site Scripting (1.0.10) SharePoint CVE-2023-36890 Vulnerability (CVE-2023-36890) WordPress Plugin Viral Quiz Maker-OnionBuzz SQL Injection (1.2.6) Severity High Classification CVE-2019-17309 CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities