Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-3794 Vulnerability (CVE-2013-3794)
WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities (2.0 - 2.0.3)
WordPress Plugin MP3-jPlayer Multiple Cross-Site Scripting Vulnerabilities (1.8.11)
WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Cross-Site Scripting (1.3.7.4)