SugarCRM before before 9.0.2 SQL Injection Vulnerability

Published on November 25th, 2019

Summary

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection

Credit:

The information has been provided by Egidio Romano

The original article can be found at:https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-021/

Details

A SQL injection issue has been identified in the export function which could allow an authenticated user to perform SQL injection. Using a specially crafted request, custom PHP code can be injected through the export function because of missing input validation. Regular user privileges are required to be able to exploit this vulnerability.

Vulnerable Systems:

SugarCRM before 8.0.4

SugarCRM 9.x before 9.0.2

CVE Information:

CVE-2019-17294

Disclosure Timeline:
Published Date:10/07/2019

SugarCRM before before 9.0.2 SQL Injection Vulnerability

Summary

Credit:

Details

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

SugarCRM before before 9.0.2 SQL Injection Vulnerability

Summary

Credit:

Details

Related Posts

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability