CVE-2019-17301: Code Injection
First published: Mon Oct 07 2019(Updated: )
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 | |
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 | |
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this SugarCRM vulnerability?
The vulnerability ID for this SugarCRM vulnerability is CVE-2019-17301.
What is the severity of CVE-2019-17301?
The severity of CVE-2019-17301 is high, with a severity value of 7.2.
Which versions of SugarCRM are affected by CVE-2019-17301?
SugarCRM versions before 8.0.4 and 9.x before 9.0.2 are affected by CVE-2019-17301.
How does CVE-2019-17301 exploit the vulnerability?
CVE-2019-17301 allows PHP code injection in the ModuleBuilder module by an Admin user.
How can I fix the CVE-2019-17301 vulnerability?
To fix the CVE-2019-17301 vulnerability, it is recommended to upgrade to SugarCRM version 8.0.4 or 9.0.2.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/sugarcrm
- canonical/sugarcrm sugarcrm
- version/sugarcrm sugarcrm/7.9.0.0
- version/sugarcrm sugarcrm/8.0.0
- version/sugarcrm sugarcrm/9.0.0