Vulnerabilities > Sugarcrm > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-46815 Unrestricted Upload of File with Dangerous Type vulnerability in Sugarcrm
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2.
network
low complexity
sugarcrm CWE-434
8.8
8.8
2023-10-27 CVE-2023-46816 Code Injection vulnerability in Sugarcrm
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2.
network
low complexity
sugarcrm CWE-94
8.8
8.8
2023-06-17 CVE-2023-35808 Unrestricted Upload of File with Dangerous Type vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm CWE-434
8.8
8.8
2023-06-17 CVE-2023-35809 Unspecified vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm
8.8
8.8
2023-06-17 CVE-2023-35810 Injection vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm CWE-74
7.2
7.2
2023-06-17 CVE-2023-35811 SQL Injection vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm CWE-89
8.8
8.8
2023-01-11 CVE-2023-22952 Improper Input Validation vulnerability in Sugarcrm 11.0.0/12.0.0
In SugarCRM before 12.0.
network
low complexity
sugarcrm CWE-20
8.8
8.8
2020-11-12 CVE-2020-7472 Missing Authorization vulnerability in Sugarcrm
An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests.
network
low complexity
sugarcrm CWE-862
7.5
7.5
2019-10-29 CVE-2012-0694 Improper Input Validation vulnerability in Sugarcrm 6.3.1
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
network
low complexity
sugarcrm CWE-20
7.5
7.5
2019-10-07 CVE-2019-17317 Unspecified vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.
network
low complexity
sugarcrm
7.2
7.2