Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.

Remediation

References

CVE-2019-17316

Related Vulnerabilities

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13828)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.18)

MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-42040)

WordPress Plugin Contact Form 7 Security Bypass (4.1)

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7903)

Severity

High

Classification

CVE-2019-17316 CWE-915 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities