WEB APPLICATION VULNERABILITIES Standard & Premium

SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17315)

Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.

Remediation

References

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-1999-0888)

MySQL CVE-2014-4243 Vulnerability (CVE-2014-4243)

Oracle HTTP Server Inadequate Encryption Strength Vulnerability (CVE-2013-2566)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15733)

Oracle Application Server Other Vulnerability (CVE-2004-1365)

Severity

High

Classification

CVE-2019-17315 CWE-915 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities