Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user. Remediation References CVE-2019-17309 Related Vulnerabilities Oracle Database Server CVE-2008-1819 Vulnerability (CVE-2008-1819) WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.16) WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11113) WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Multiple Vulnerabilities (4.6.0.1) WordPress Plugin FancyFlickr Cross-Site Scripting (1.0) Severity High Classification CVE-2019-17309 CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities