Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user. Remediation References CVE-2019-17296 Related Vulnerabilities WordPress Plugin Solidres-Hotel booking for WordPress Multiple Cross-Site Scripting Vulnerabilities (0.9.4) SharePoint Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-8501) WordPress Plugin Backup and Staging by WP Time Capsule Security Bypass (1.21.15) WordPress Plugin YITH WooCommerce Social Login Security Bypass (1.3.4) Tornado Improper Input Validation Vulnerability (CVE-2012-2374) Severity High Classification CVE-2019-17296 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities