VYPR

Sugarcrm

by Sugarcrm

CVEs (62)

  • CVE-2019-17305Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user.

  • CVE-2019-17306Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user.

  • CVE-2019-17307Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user.

  • CVE-2019-17308Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user.

  • CVE-2019-17309Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user.

  • CVE-2019-17310Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user.

  • CVE-2019-17311Oct 7, 2019
    risk 0.00cvss epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user.

  • CVE-2019-17312Oct 7, 2019
    risk 0.00cvss epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user.

  • CVE-2019-17313Oct 7, 2019
    risk 0.00cvss epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user.

  • CVE-2019-17314Oct 7, 2019
    risk 0.00cvss epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.

  • CVE-2019-17315Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.

  • CVE-2019-17316Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.

  • CVE-2019-17317Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.

  • CVE-2019-17318Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.

  • CVE-2019-17319Oct 7, 2019
    risk 0.00cvss epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user.

  • CVE-2011-3803Sep 24, 2011
    risk 0.00cvss epss 0.01

    SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.

  • CVE-2010-0465Mar 19, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.

  • CVE-2009-2978Aug 27, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2006-6712Dec 23, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.

  • CVE-2006-5082Sep 29, 2006
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors.