Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user. Remediation References CVE-2019-17309 Related Vulnerabilities WordPress Plugin Efence Multiple Cross-Site Scripting Vulnerabilities (1.3.2) WordPress Clickjacking Vulnerability (0.7 - 3.1.2) Jetty Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2009-5047) WordPress Plugin WP Floating Menu-One page navigator, sticky menu for WordPress Cross-Site Scripting (1.3.0) Drupal Improper Input Validation Vulnerability (CVE-2019-6339) Severity High Classification CVE-2019-17309 CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities