Vulnerabilities > Sugarcrm > Sugarcrm > 8.0.5

DATE CVE VULNERABILITY TITLE RISK
2020-11-12 CVE-2020-7472 Missing Authorization vulnerability in Sugarcrm
An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests.
network
low complexity
sugarcrm CWE-862
7.5
7.5
2020-08-12 CVE-2020-17373 SQL Injection vulnerability in Sugarcrm
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.
network
high complexity
sugarcrm CWE-89
5.3
5.3
2020-08-12 CVE-2020-17372 Cross-site Scripting vulnerability in Sugarcrm
SugarCRM before 10.1.0 (Q3 2020) allows XSS.
network
sugarcrm CWE-79
3.5
3.5