Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.
Remediation
References
Related Vulnerabilities
PHP NULL Pointer Dereference Vulnerability (CVE-2016-9934)
WordPress Plugin Disqus Comment System Multiple Vulnerabilities (2.75)
WordPress Plugin Plugmatter Pricing Table Cross-Site Scripting (1.0.32)
FrontAccounting Multiple SQL Injection Vulnerabilities (CVE-2014-3973)
WordPress Plugin Ultimate Addons for Elementor Security Bypass (1.24.1)