CVE-2019-17318: SQL Injection
First published: Mon Oct 07 2019(Updated: )
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 | |
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 | |
| Sugarcrm Sugarcrm | >=7.9.0.0<7.9.5.0 | |
| Sugarcrm Sugarcrm | >=8.0.0<8.0.4 | |
| Sugarcrm Sugarcrm | >=9.0.0<9.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability in SugarCRM?
The vulnerability ID for this SQL injection vulnerability in SugarCRM is CVE-2019-17318.
What is the affected version of SugarCRM for this vulnerability?
The affected versions of SugarCRM for this vulnerability are before 8.0.4 and 9.x before 9.0.2.
What is the severity of CVE-2019-17318?
The severity of CVE-2019-17318 is high with a severity value of 8.8.
How does this vulnerability occur?
This vulnerability occurs in the pmse_Inbox module of SugarCRM and is caused by SQL injection by a Regular user.
How can I fix this vulnerability in SugarCRM?
To fix this vulnerability in SugarCRM, you should update to version 8.0.4 or 9.0.2, depending on the affected version.
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sugarcrm
- canonical/sugarcrm sugarcrm
- version/sugarcrm sugarcrm/7.9.0.0
- version/sugarcrm sugarcrm/8.0.0
- version/sugarcrm sugarcrm/9.0.0