SugarCRM before 9.0.2 SQL Injection Vulnerability


SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection


The information has been provided by Egidio Romano 

The original article can be found at:



A SQL injection issue has been identified in the export function that could allow an authenticated user to perform SQL injection. Using a specially crafted request, custom PHP code can be injected through the export function because of missing input validation. Regular user privileges are required to exploit this vulnerability.

Vulnerable Systems:

SugarCRM before 8.0.4 

SugarCRM 9.x before 9.0.2 

CVE Information:


Disclosure Timeline:
Published Date: 10/07/2019