Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Itinerary Cross-Site Scripting (1.0.0)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.67)
MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-45371)
WordPress Plugin Related Posts for WordPress Cross-Site Scripting (1.8.1)