- Vulnerability/
- CVE-2019-17307
CVE-2019-17307
First published: Mon Oct 07 2019(Updated: )
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 | |
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 | |
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-17307?
CVE-2019-17307 is a vulnerability in SugarCRM before 8.0.4 and 9.x before 9.0.2 that allows PHP code injection in the Tracker module by an Admin user.
How severe is CVE-2019-17307?
CVE-2019-17307 has a severity rating of 7.2, which is considered high.
Which software versions are affected by CVE-2019-17307?
The versions of SugarCRM affected by CVE-2019-17307 include 7.9.0.0 to 7.9.5.0, 8.0.0 to 8.0.4, and 9.0.0 to 9.0.2 in the Enterprise, Professional, and Ultimate editions.
How can the PHP code injection vulnerability be exploited?
An Admin user in SugarCRM can exploit the PHP code injection vulnerability in the Tracker module.
How can I fix CVE-2019-17307?
To fix CVE-2019-17307, users should update their SugarCRM installations to version 8.0.4 or 9.0.2, depending on the installed version.
- collector/nvd-index
- vendor/sugarcrm
- product/sugarcrm
- canonical/sugarcrm sugarcrm