CVE-2019-17295: SQL Injection
First published: Mon Oct 07 2019(Updated: )
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 | |
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 | |
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-17295?
CVE-2019-17295 is a SQL injection vulnerability in SugarCRM versions before 8.0.4 and 9.x before 9.0.2.
How does the SQL injection vulnerability in SugarCRM work?
The SQL injection vulnerability in SugarCRM allows Regular users to inject malicious SQL code in the history function.
Which versions of SugarCRM are affected by CVE-2019-17295?
The versions affected by CVE-2019-17295 are SugarCRM versions before 8.0.4 and 9.x before 9.0.2.
How severe is CVE-2019-17295?
CVE-2019-17295 has a severity rating of 8.8 (high).
How can I fix the SQL injection vulnerability in SugarCRM?
To fix the SQL injection vulnerability in SugarCRM, you should update to version 8.0.4 or 9.0.2.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sugarcrm
- canonical/sugarcrm sugarcrm
- version/sugarcrm sugarcrm/7.9.0.0
- version/sugarcrm sugarcrm/8.0.0
- version/sugarcrm sugarcrm/9.0.0