Vulnerabilities > Sugarcrm > Sugarcrm > 8.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-12 | CVE-2020-7472 | Missing Authorization vulnerability in Sugarcrm An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. | 7.5 |
2020-08-12 | CVE-2020-17373 | SQL Injection vulnerability in Sugarcrm SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. | 5.3 |
2020-08-12 | CVE-2020-17372 | Cross-site Scripting vulnerability in Sugarcrm SugarCRM before 10.1.0 (Q3 2020) allows XSS. | 3.5 |