Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. Remediation References CVE-2019-17293 Related Vulnerabilities WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10673) WordPress Plugin Email Artillery (MASS EMAIL) Multiple Vulnerabilities (4.1) OpenSSL Other Vulnerability (CVE-2002-0656) WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Arbitrary File Deletion (1.0.78) Oracle JRE CVE-2019-2958 Vulnerability (CVE-2019-2958) Severity High Classification CVE-2019-17293 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities