Vulnerabilities > Sugarcrm

DATE CVE VULNERABILITY TITLE RISK
2019-10-07 CVE-2019-17316 Unspecified vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.
network
low complexity
sugarcrm
8.8
2019-10-07 CVE-2019-17315 Unspecified vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.
network
low complexity
sugarcrm
7.2
2019-08-14 CVE-2019-14974 Cross-site Scripting vulnerability in Sugarcrm 9.0.0
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
network
sugarcrm CWE-79
4.3
2018-10-10 CVE-2018-17784 Cross-site Scripting vulnerability in Sugarcrm
Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
network
sugarcrm CWE-79
4.3
2018-02-01 CVE-2014-3244 XXE vulnerability in Sugarcrm
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
network
low complexity
sugarcrm CWE-611
7.5
2018-01-25 CVE-2018-6308 SQL Injection vulnerability in Sugarcrm 6.5.26
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php.
network
low complexity
sugarcrm CWE-89
7.5
2018-01-16 CVE-2018-5715 Cross-site Scripting vulnerability in Sugarcrm 3.5.1
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
network
sugarcrm CWE-79
4.3
2017-09-17 CVE-2017-14510 Cross-site Scripting vulnerability in Sugarcrm
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26).
network
sugarcrm CWE-79
4.3
2017-09-17 CVE-2017-14509 Improper Input Validation vulnerability in Sugarcrm
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26).
network
low complexity
sugarcrm CWE-20
6.5
2017-09-17 CVE-2017-14508 SQL Injection vulnerability in Sugarcrm
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26).
network
low complexity
sugarcrm CWE-89
6.5