Sugarcrm
by Sugarcrm
CVEs (62)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17305 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user. |
| CVE-2019-17306 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user. |
| CVE-2019-17307 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user. |
| CVE-2019-17308 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user. |
| CVE-2019-17309 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user. |
| CVE-2019-17310 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user. |
| CVE-2019-17311 | | | 0.00 | — | 0.02 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. |
| CVE-2019-17312 | | | 0.00 | — | 0.02 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user. |
| CVE-2019-17313 | | | 0.00 | — | 0.02 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user. |
| CVE-2019-17314 | | | 0.00 | — | 0.02 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user. |
| CVE-2019-17315 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user. |
| CVE-2019-17316 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user. |
| CVE-2019-17317 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user. |
| CVE-2019-17318 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. |
| CVE-2019-17319 | | | 0.00 | — | 0.01 | | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. |
| CVE-2011-3803 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files. |
| CVE-2010-0465 | | | 0.00 | — | 0.01 | | Mar 19, 2010 | Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field. |
| CVE-2009-2978 | | | 0.00 | — | 0.01 | | Aug 27, 2009 | SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-6712 | | | 0.00 | — | 0.01 | | Dec 23, 2006 | Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages. |
| CVE-2006-5082 | | | 0.00 | — | 0.02 | | Sep 29, 2006 | Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors. |