Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user.

Remediation

References
CVE-2019-17310

Related Vulnerabilities
WordPress Plugin IWantOneButton 'updateAJAX.php' SQL Injection (3.0.1)
WordPress Plugin MapSVG Lite Arbitrary File Upload (4.0.5)
WordPress Plugin WP Statistics SQL Injection (12.0.7)
Nginx Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0337)
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2934)

Severity
High

Classification
CVE-2019-17310
CWE-94
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags
Missing Update, Known Vulnerabilities