CVE-2019-17299: Code Injection
First published: Mon Oct 07 2019(Updated: )
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 | |
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 | |
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this SugarCRM vulnerability?
The vulnerability ID for this SugarCRM vulnerability is CVE-2019-17299.
What is the severity of CVE-2019-17299?
The severity of CVE-2019-17299 is high with a severity value of 7.2.
How does CVE-2019-17299 allow PHP code injection?
CVE-2019-17299 allows PHP code injection in the Administration module by an Admin user.
Which versions of SugarCRM are affected by CVE-2019-17299?
Versions before 8.0.4 and 9.x before 9.0.2 of SugarCRM are affected by CVE-2019-17299.
Is there a fix available for CVE-2019-17299?
Yes, a fix is available for CVE-2019-17299. Please refer to the official reference link for more information.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sugarcrm
- canonical/sugarcrm sugarcrm
- version/sugarcrm sugarcrm/7.9.0.0
- version/sugarcrm sugarcrm/8.0.0
- version/sugarcrm sugarcrm/9.0.0