Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user.
Remediation
References
Related Vulnerabilities
WordPress Plugin VIDEO GALLERY 'upload1.php' Arbitrary File Upload (1.3)
WordPress Plugin Advanced Ads-Ad Manager & AdSense Unspecified Vulnerability (1.7.1.1)
Oracle Database Server CVE-2020-2737 Vulnerability (CVE-2020-2737)
WordPress Plugin iThemes Exchange:Simple WP Ecommerce Cross-Site Scripting (1.11.18)