Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. Remediation References CVE-2019-17311 Related Vulnerabilities MongoDb CVE-2024-6384 Vulnerability (CVE-2024-6384) Oracle JRE CVE-2013-0425 Vulnerability (CVE-2013-0425) WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.2.6) MySQL CVE-2023-22084 Vulnerability (CVE-2023-22084) WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Multiple Vulnerabilities (3.1.1) Severity High Classification CVE-2019-17311 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities