Known Vulnerabilities for products from Sugarcrm
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sugarcrm".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-46816 | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerabil... | 8.8 - HIGH | 2023-10-27 | 2023-11-07 |
| CVE-2023-46815 | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been... | 8.8 - HIGH | 2023-10-27 | 2023-11-07 |
| CVE-2023-35811 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been iden... | 8.8 - HIGH | 2023-06-17 | 2023-08-23 |
| CVE-2023-35810 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vuln... | 7.2 - HIGH | 2023-06-17 | 2023-08-23 |
| CVE-2023-35809 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has be... | 8.8 - HIGH | 2023-06-17 | 2023-08-23 |
| CVE-2023-35808 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerabilit... | 8.8 - HIGH | 2023-06-17 | 2023-08-23 |
| CVE-2023-22952 | In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of mis... | 8.8 - HIGH | 2023-01-11 | 2023-03-10 |
| CVE-2020-36501 | Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arb... | 5.4 - MEDIUM | 2021-10-22 | 2021-10-26 |
| CVE-2020-28956 | Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbit... | 5.4 - MEDIUM | 2021-10-22 | 2021-10-28 |
| CVE-2020-28955 | SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vul... | 5.4 - MEDIUM | 2021-10-22 | 2021-10-28 |
| CVE-2020-17373 | SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. | 5.3 - MEDIUM | 2020-08-12 | 2022-11-16 |
| CVE-2020-17372 | SugarCRM before 10.1.0 (Q3 2020) allows XSS. | 5.4 - MEDIUM | 2020-08-12 | 2020-08-13 |
| CVE-2020-7472 | An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 be... | 9.8 - CRITICAL | 2020-11-12 | 2021-07-21 |
| CVE-2019-17319 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. | 8.8 - HIGH | 2019-10-07 | 2019-10-09 |
| CVE-2019-17318 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. | 8.8 - HIGH | 2019-10-07 | 2019-10-09 |
| CVE-2019-17317 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user. | 7.2 - HIGH | 2019-10-07 | 2022-12-02 |
| CVE-2019-17316 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user. | 8.8 - HIGH | 2019-10-07 | 2022-12-02 |
| CVE-2019-17315 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user. | 7.2 - HIGH | 2019-10-07 | 2022-12-02 |
| CVE-2019-17314 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user. | 7.2 - HIGH | 2019-10-07 | 2019-10-09 |
| CVE-2019-17313 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user. | 8.8 - HIGH | 2019-10-07 | 2019-10-09 |
Known software with vulnerabilities from Sugarcrm
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sugarcrm | Sugarcrm | 10.0.0 |