Description SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user. Remediation References CVE-2019-17316 Related Vulnerabilities WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Security Bypass (1.3.83) MySQL CVE-2019-2974 Vulnerability (CVE-2019-2974) SharePoint CVE-2021-36940 Vulnerability (CVE-2021-36940) Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8902) WordPress Plugin Motors-Car Dealer & Classified Ads Multiple Vulnerabilities (1.4.0) Severity High Classification CVE-2019-17316 CWE-915 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities