Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user.

Remediation

References

CVE-2019-17301

Related Vulnerabilities

WordPress Plugin Form Vibes-Database Manager for Forms SQL Injection (1.4.10)

MySQL CVE-2019-2914 Vulnerability (CVE-2019-2914)

XWiki CVE-2023-26474 Vulnerability (CVE-2023-26474)

phpMyFAQ Weak Password Requirements Vulnerability (CVE-2022-3754)

WordPress Plugin NextCellent Gallery-NextGEN Legacy Cross-Site Scripting (1.9.17)

Severity

High

Classification

CVE-2019-17301 CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities