Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Content Blocks (Custom Post Widget) Cross-Site Scripting (3.0)
WordPress 4.3.x PHP Object Injection (4.3 - 4.3.25)
WordPress Plugin WHIZZ Cross-Site Request Forgery (1.1)
Oracle JRE CVE-2013-5854 Vulnerability (CVE-2013-5854)
WordPress Plugin UserPro-Community and User Profile Privilege Escalation (4.9.20)