Total
57 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17306 | 1 Sugarcrm | 1 Sugarcrm | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user. | |||||
CVE-2020-17372 | 1 Sugarcrm | 1 Sugarcrm | 2020-08-13 | 3.5 LOW | 5.4 MEDIUM |
SugarCRM before 10.1.0 (Q3 2020) allows XSS. | |||||
CVE-2018-17784 | 1 Sugarcrm | 1 Sugarcrm | 2020-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. | |||||
CVE-2012-0694 | 1 Sugarcrm | 1 Sugarcrm | 2019-11-01 | 7.5 HIGH | 9.8 CRITICAL |
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. | |||||
CVE-2019-17292 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-10 | 6.5 MEDIUM | 7.2 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. | |||||
CVE-2019-17293 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-10 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. | |||||
CVE-2019-17294 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user. | |||||
CVE-2019-17298 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user. | |||||
CVE-2019-17319 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. | |||||
CVE-2019-17318 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. | |||||
CVE-2019-17311 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. | |||||
CVE-2019-17297 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user. | |||||
CVE-2019-17296 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user. | |||||
CVE-2019-17295 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. | |||||
CVE-2019-17312 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user. | |||||
CVE-2019-17314 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 7.2 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user. | |||||
CVE-2019-17313 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user. | |||||
CVE-2019-14974 | 1 Sugarcrm | 1 Sugarcrm | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. | |||||
CVE-2006-2460 | 1 Sugarcrm | 1 Sugarcrm | 2018-10-18 | 6.4 MEDIUM | N/A |
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter. | |||||
CVE-2008-2045 | 1 Sugarcrm | 1 Sugarcrm | 2018-10-11 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory. |