Latest sugarcrm sugarcrm Vulnerabilities

● CVE-2023-46816

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted reques...

Sugarcrm Sugarcrm>=12.0.0<12.0.4

Sugarcrm Sugarcrm=13.0.0

and 3 more

● CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP cod...

Sugarcrm Sugarcrm>=12.0.0<12.0.4

Sugarcrm Sugarcrm=13.0.0

and 3 more

● CVE-2023-35811

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be i...

Sugarcrm Sugarcrm>=11.0.0<11.0.6

Sugarcrm Sugarcrm>=12.0.0<12.0.3

and 2 more

● CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requ...

Sugarcrm Sugarcrm>=11.0.0<11.0.6

Sugarcrm Sugarcrm>=12.0.0<12.0.3

and 2 more

● CVE-2023-35809

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code ...

Sugarcrm Sugarcrm>=11.0.0<11.0.6

Sugarcrm Sugarcrm>=12.0.0<12.0.3

and 2 more

● CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custo...

Sugarcrm Sugarcrm>=11.0.0<11.0.6

Sugarcrm Sugarcrm>=12.0.0<12.0.3

and 2 more

● CVE-2023-22952

Multiple SugarCRM Products Remote Code Execution Vulnerability

Sugarcrm Sugarcrm>=11.0.0<11.0.5

Sugarcrm Sugarcrm>=12.0.0<12.0.2

● CVE-2020-36501

Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary ad...

Sugarcrm Sugarcrm=6.5.18

● CVE-2020-28956

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary addr...

Sugarcrm Sugarcrm=6.5.18

● CVE-2020-28955

SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a ...

Sugarcrm Sugarcrm=6.5.18

● CVE-2020-17372

SugarCRM before 10.1.0 (Q3 2020) allows XSS.

Sugarcrm Sugarcrm<10.1.0

● CVE-2020-17373

SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.

Sugarcrm Sugarcrm<10.1.0

● CVE-2012-0694

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.

debian

Sugarcrm Sugarcrm<=6.3.1

● CVE-2019-17314

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.