Vulnerabilities > Sugarcrm > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-27 | CVE-2023-46815 | Unrestricted Upload of File with Dangerous Type vulnerability in Sugarcrm An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. | 8.8 |
2023-10-27 | CVE-2023-46816 | Code Injection vulnerability in Sugarcrm An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. | 8.8 |
2023-06-17 | CVE-2023-35808 | Unrestricted Upload of File with Dangerous Type vulnerability in Sugarcrm 11.0.0/12.0.0 An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. | 8.8 |
2023-06-17 | CVE-2023-35809 | Unspecified vulnerability in Sugarcrm 11.0.0/12.0.0 An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. | 8.8 |
2023-06-17 | CVE-2023-35810 | Injection vulnerability in Sugarcrm 11.0.0/12.0.0 An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. | 7.2 |
2023-06-17 | CVE-2023-35811 | SQL Injection vulnerability in Sugarcrm 11.0.0/12.0.0 An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. | 8.8 |
2023-01-11 | CVE-2023-22952 | Improper Input Validation vulnerability in Sugarcrm 11.0.0/12.0.0 In SugarCRM before 12.0. | 8.8 |
2020-11-12 | CVE-2020-7472 | Missing Authorization vulnerability in Sugarcrm An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. | 7.5 |
2019-10-29 | CVE-2012-0694 | Improper Input Validation vulnerability in Sugarcrm 6.3.1 SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. | 7.5 |
2019-10-07 | CVE-2019-17317 | Unspecified vulnerability in Sugarcrm SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user. | 7.2 |