SugarCRM before 9.0.2 SQL Injection Vulnerability
Published on November 25th, 2019
Summary
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection.
Credit:
The information has been provided by Egidio Romano.
The original article can be found at: https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-021/
Details
A SQL injection issue has been identified in the export function which could allow an authenticated user to perform SQL injection. Using a specially crafted request, custom PHP code can be injected through the export function because of missing input validation. Regular user privileges are required to be able to exploit this vulnerability.
Vulnerable Systems:
SugarCRM before 8.0.4
SugarCRM 9.x before 9.0.2
CVE Information:
Disclosure Timeline:
Published Date: 10/07/2019