WEB APPLICATION VULNERABILITIES Standard & Premium

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17307)

Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user.

Remediation

References

Related Vulnerabilities

Nginx CVE-2010-4180 Vulnerability (CVE-2010-4180)

MySQL CVE-2016-0667 Vulnerability (CVE-2016-0667)

MyBB Improper Access Control Vulnerability (CVE-2016-9413)

Oracle JRE CVE-2014-0461 Vulnerability (CVE-2014-0461)

WordPress Plugin job-portal Cross-Site Scripting (0.0.1)

Severity

High

Classification

CVE-2019-17307 CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities