SugarCRM before 9.0.2 SQL Injection Vulnerability
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection
The information has been provided by Egidio Romano
The original article can be found at: https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-021/
A SQL injection issue has been identified in the export function which could allow an authenticated user to perform SQL injection. Using a specially crafted request, custom PHP code can be injected through the export function because of missing input validation. Regular user privileges are required to be able to exploit this vulnerability.
SugarCRM before 8.0.4
SugarCRM 9.x before 9.0.2