Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.

Remediation

References

CVE-2019-17314

Related Vulnerabilities

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Arbitrary File Upload (3.4.3)

WordPress Plugin Price Commander for WooCommerce Security Bypass (1.2.2)

PHP Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2010-4657)

MySQL Other Vulnerability (CVE-2009-0819)

Jboss EAP Improper Input Validation Vulnerability (CVE-2011-4314)

Severity

High

Classification

CVE-2019-17314 CWE-22 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities