SugarCRM before 9.0.2 SQL Injection Vulnerability

Summary

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection.

Credit:

The information has been provided by Egidio Romano.

The original article can be found at: https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-021/

 


Details

A SQL injection issue has been identified in the export function which could allow an authenticated user to perform SQL injection. Using a specially crafted request, custom PHP code can be injected through the export function because of missing input validation. Regular user privileges are required to be able to exploit this vulnerability.

Vulnerable Systems:

SugarCRM before 8.0.4 

SugarCRM 9.x before 9.0.2 

CVE Information:

CVE-2019-17294

Disclosure Timeline:

Published Date: 10/07/2019