Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CRM

SugarCRM

SugarCRM empowers your marketing sales and services teams to collaborate across the entire customer lifecycle for more meaningful memorable experiences.

Official Site:

https://www.sugarcrm.com/

Severity Summary:

Critical: 5 High: 40 Medium: 18
Reference
Title
Severity
CVE-2004-1225
SugarCRM Other Vulnerability
Critical
CVE-2014-3244
SugarCRM Improper Restriction of XML External Entity Reference Vulnerability
Critical
CVE-2012-0694
SugarCRM Improper Input Validation Vulnerability
Critical
CVE-2020-7472
SugarCRM Missing Authorization Vulnerability
Critical
CVE-2018-6308
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2023-35809
SugarCRM Vulnerability
High
CVE-2019-17318
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-17317
SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
High
CVE-2019-17316
SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
High
CVE-2019-17315
SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
High
CVE-2023-46816
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-35808
SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2023-46815
SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2023-35810
SugarCRM Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2019-17292
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2017-14508
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2015-5946
SugarCRM Incomplete List of Disallowed Inputs Vulnerability
High
CVE-2011-4833
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2023-35811
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2023-22952
Multiple SugarCRM Products Remote Code Execution Vulnerability
High
CVE-2009-2978
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2017-14509
SugarCRM Improper Input Validation Vulnerability
High
CVE-2019-17319
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-17293
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-17305
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17314
SugarCRM Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2019-17313
SugarCRM Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2019-17312
SugarCRM Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2019-17311
SugarCRM Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2019-17310
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High