SugarCRM

All CVEs

69 total · sorted by risk
  • CVE-2019-17309 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user.

  • CVE-2019-17310 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user.

  • CVE-2019-17311 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user.

  • CVE-2019-17312 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user.

  • CVE-2019-17313 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user.

  • CVE-2019-17314 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.

  • CVE-2019-17315 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.

  • CVE-2019-17316 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.

  • CVE-2019-17317 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.

  • CVE-2019-17318 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.

  • CVE-2019-17319 · Oct 7, 2019
    risk 0.00 · cvss · epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user.

  • CVE-2011-3803 · Sep 24, 2011
    risk 0.00 · cvss · epss 0.01

    SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.

  • CVE-2010-0465 · Mar 19, 2010
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.

  • CVE-2009-2978 · Aug 27, 2009
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2006-6712 · Dec 23, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.

  • CVE-2006-5082 · Sep 29, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors.

  • CVE-2004-1228 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.01

    The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the…

  • CVE-2004-1226 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.01

    SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.

  • CVE-2005-0266 · Jan 1, 2005
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.

Page 2 of 2