Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user.
Remediation
References
Related Vulnerabilities
WordPress 'index.php' Cross-Site Scripting Vulnerability (1.5)
Oracle Database Server CVE-2015-2595 Vulnerability (CVE-2015-2595)
WordPress Plugin All-in-One Video Gallery Multiple Vulnerabilities (2.6.0)
Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-9901)
WordPress Plugin WP-Matomo (WP-Piwik) Cross-Site Scripting (1.0.10)