Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user. Remediation References CVE-2019-17315 Related Vulnerabilities Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0013) WordPress Plugin WP Booking System Cross-Site Scripting (1.3.3) WordPress Plugin Affiliates Manager Multiple Vulnerabilities (2.9.13) SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1452) Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22) Severity High Classification CVE-2019-17315 CWE-915 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities