Vulnerabilities > Sugarcrm

DATE CVE VULNERABILITY TITLE RISK
2023-06-17 CVE-2023-35808 Unrestricted Upload of File with Dangerous Type vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm CWE-434
8.8
8.8
2023-06-17 CVE-2023-35809 Unspecified vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm
8.8
8.8
2023-06-17 CVE-2023-35810 Injection vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm CWE-74
7.2
7.2
2023-06-17 CVE-2023-35811 SQL Injection vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm CWE-89
8.8
8.8
2023-01-11 CVE-2023-22952 Improper Input Validation vulnerability in Sugarcrm
In SugarCRM before 12.0.
network
low complexity
sugarcrm CWE-20
8.8
8.8
2021-10-22 CVE-2020-28955 Cross-site Scripting vulnerability in Sugarcrm 6.5.18
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module.
network
sugarcrm CWE-79
3.5
3.5
2021-10-22 CVE-2020-28956 Cross-site Scripting vulnerability in Sugarcrm 6.5.18
Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
network
sugarcrm CWE-79
3.5
3.5
2021-10-22 CVE-2020-36501 Cross-site Scripting vulnerability in Sugarcrm 6.5.18
Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
network
sugarcrm CWE-79
3.5
3.5
2020-11-12 CVE-2020-7472 Missing Authorization vulnerability in Sugarcrm
An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests.
network
low complexity
sugarcrm CWE-862
7.5
7.5
2020-08-12 CVE-2020-17373 SQL Injection vulnerability in Sugarcrm
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.
network
high complexity
sugarcrm CWE-89
5.3
5.3