Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17298)

Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user.

Remediation

References

Related Vulnerabilities

Oracle JRE CVE-2020-2755 Vulnerability (CVE-2020-2755)

Twisted Web HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-24801)

WordPress Plugin WordPress Gallery MaxGalleria Unspecified Vulnerability (6.0.8)

Joomla! Core Security Bypass (1.5.0 - 3.8.12)

WordPress Plugin Spectra-WordPress Gutenberg Blocks Cross-Site Scripting (1.14.11)

Severity

High

Classification

CVE-2019-17298 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities