Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.
Remediation
References
Related Vulnerabilities
Sqlite Out-of-bounds Read Vulnerability (CVE-2021-31239)
Oracle Database Server CVE-2011-0793 Vulnerability (CVE-2011-0793)
Dolibarr CVE-2019-11200 Vulnerability (CVE-2019-11200)
WordPress Plugin Fungif The Awesome GIFs Cross-Site Scripting (2.0)
Plone CMS Improper Authentication Vulnerability (CVE-2009-0662)