Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CRM

SugarCRM

SugarCRM empowers your marketing sales and services teams to collaborate across the entire customer lifecycle for more meaningful memorable experiences.

Official Site:

https://www.sugarcrm.com/

Severity Summary:

Critical: 5 High: 40 Medium: 18
Reference
Title
Severity
CVE-2019-17309
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17308
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17307
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17294
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-17306
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17304
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17303
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17302
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17301
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17300
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17299
SugarCRM Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-17298
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-17297
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-17296
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-17295
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2020-28955
SugarCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-28956
SugarCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-36501
SugarCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2004-1226
SugarCRM Gain Sensitive Information Vulnerability
Medium
CVE-2005-0266
SugarCRM Other Vulnerability
Medium
CVE-2020-17373
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2006-2460
SugarCRM Other Vulnerability
Medium
CVE-2006-6712
SugarCRM Other Vulnerability
Medium
CVE-2008-2045
SugarCRM Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2009-2146
SugarCRM Other Vulnerability
Medium
CVE-2010-0465
SugarCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2011-0745
SugarCRM Improper Input Validation Vulnerability
Medium
CVE-2011-3803
SugarCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2017-14510
SugarCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-5715
SugarCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium