Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.

Remediation

References

CVE-2019-17318

Related Vulnerabilities

WordPress Plugin MailChimp for WooCommerce Local File Inclusion (2.1.1)

SharePoint Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-5059)

Oracle JRE CVE-2013-5851 Vulnerability (CVE-2013-5851)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43941)

Jboss EAP Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2017-7536)

Severity

High

Classification

CVE-2019-17318 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities