Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.

Remediation

References

CVE-2019-17314

Related Vulnerabilities

PHP NULL Pointer Dereference Vulnerability (CVE-2016-9934)

WordPress Plugin Disqus Comment System Multiple Vulnerabilities (2.75)

WordPress Plugin Plugmatter Pricing Table Cross-Site Scripting (1.0.32)

FrontAccounting Multiple SQL Injection Vulnerabilities (CVE-2014-3973)

WordPress Plugin Ultimate Addons for Elementor Security Bypass (1.24.1)

Severity

High

Classification

CVE-2019-17314 CWE-22 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities