CVEdetails.com the ultimate security vulnerability data source

SugarCRM: Security Vulnerabilities Published in 2019

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2019-17319 | 89 | | Sql | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. |
| 2 | CVE-2019-17318 | 89 | | Sql | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. |
| 3 | CVE-2019-17317 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user. |
| 4 | CVE-2019-17316 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user. |
| 5 | CVE-2019-17315 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user. |
| 6 | CVE-2019-17314 | 22 | | Dir. Trav. | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user. |
| 7 | CVE-2019-17313 | 22 | | Dir. Trav. | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user. |
| 8 | CVE-2019-17312 | 22 | | Dir. Trav. | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user. |
| 9 | CVE-2019-17311 | 22 | | Dir. Trav. | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. |
| 10 | CVE-2019-17310 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user. |
| 11 | CVE-2019-17309 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user. |
| 12 | CVE-2019-17308 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user. |
| 13 | CVE-2019-17307 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user. |
| 14 | CVE-2019-17306 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user. |
| 15 | CVE-2019-17305 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user. |
| 16 | CVE-2019-17304 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user. |
| 17 | CVE-2019-17303 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user. |
| 18 | CVE-2019-17302 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user. |
| 19 | CVE-2019-17301 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user. |
| 20 | CVE-2019-17300 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user. |
| 21 | CVE-2019-17299 | 20 | | | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user. |
| 22 | CVE-2019-17298 | 89 | | Sql | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user. |
| 23 | CVE-2019-17297 | 89 | | Sql | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user. |
| 24 | CVE-2019-17296 | 89 | | Sql | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user. |
| 25 | CVE-2019-17295 | 89 | | Sql | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. |
| 26 | CVE-2019-17294 | 89 | | Sql | 2019-10-07 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user. |
| 27 | CVE-2019-17293 | 89 | | Sql | 2019-10-07 | 2019-10-10 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. |
| 28 | CVE-2019-17292 | 89 | | Sql | 2019-10-07 | 2019-10-10 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. |
| 29 | CVE-2019-14974 | 79 | | XSS | 2019-08-14 | 2019-08-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. |
Total number of vulnerabilities: 29