Vulnerabilities > Sugarcrm

DATE CVE VULNERABILITY TITLE RISK
2020-11-12 CVE-2020-7472 Improper Input Validation vulnerability in Sugarcrm
An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests.
network
low complexity
sugarcrm CWE-20
critical
 9.8
9.8
2020-08-12 CVE-2020-17373 SQL Injection vulnerability in Sugarcrm
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.
network
high complexity
sugarcrm CWE-89
5.3
5.3
2020-08-12 CVE-2020-17372 Cross-site Scripting vulnerability in Sugarcrm
SugarCRM before 10.1.0 (Q3 2020) allows XSS.
network
low complexity
sugarcrm CWE-79
5.4
5.4
2019-10-29 CVE-2012-0694 Improper Input Validation vulnerability in Sugarcrm 6.3.1
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
network
low complexity
sugarcrm CWE-20
critical
 9.8
9.8
2019-10-07 CVE-2019-17314 Path Traversal vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.
network
low complexity
sugarcrm CWE-22
7.2
7.2
2019-10-07 CVE-2019-17313 Path Traversal vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user.
network
low complexity
sugarcrm CWE-22
8.8
8.8
2019-10-07 CVE-2019-17312 Path Traversal vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user.
network
low complexity
sugarcrm CWE-22
8.8
8.8
2019-10-07 CVE-2019-17311 Path Traversal vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user.
network
low complexity
sugarcrm CWE-22
8.8
8.8
2019-10-07 CVE-2019-17310 Code Injection vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user.
network
low complexity
sugarcrm CWE-94
7.2
7.2
2019-10-07 CVE-2019-17309 Code Injection vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user.
network
low complexity
sugarcrm CWE-94
7.2
7.2