Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. Remediation References CVE-2019-17311 Related Vulnerabilities WordPress Plugin CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce Cross-Site Request Forgery (2.4.49) WordPress Plugin Survey Maker-Best WordPress Survey Cross-Site Scripting (3.1.3) XWiki Incomplete Cleanup Vulnerability (CVE-2023-36468) phpMyFAQ Improper Authorization Vulnerability (CVE-2014-6049) WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions Security Bypass (2.3.2) Severity High Classification CVE-2019-17311 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities