Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. Remediation References CVE-2019-17292 Related Vulnerabilities Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.19) WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Cross-Site Request Forgery (1.13.4) WordPress Plugin Helpful Security Bypass (4.5.14) Django Other Vulnerability (CVE-2009-3695) Nginx Out-of-bounds Write Vulnerability (CVE-2009-2629) Severity High Classification CVE-2019-17292 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities