CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28955
https://notcve.org/view.php?id=CVE-2020-28955
22 Oct 2021 — SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields. Se ha detectado que SugarCRM versión v6.5.18, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el módulo Create Employee. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil dise... • https://www.vulnerability-lab.com/get_content.php?id=2257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28956
https://notcve.org/view.php?id=CVE-2020-28956
22 Oct 2021 — Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el módulo de ventas de SugarCRM versión v6.5.18, permiten a atacantes ejecutar scripts web arbitrarios o HTML por medio de cargas útiles diseñadas introducidas en los campos de entrada the primary... • https://www.vulnerability-lab.com/get_content.php?id=2249 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36501
https://notcve.org/view.php?id=CVE-2020-36501
22 Oct 2021 — Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el módulo de Soporte de SugarCRM versión v6.5.18, permiten a atacantes ejecutar scripts web arbitrarios o HTML por medio de cargas útiles diseñadas introducidas en los campos de entrada primary ... • https://www.vulnerability-lab.com/get_content.php?id=2249 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-7472
https://notcve.org/view.php?id=CVE-2020-7472
12 Nov 2020 — An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. (This is exploitable even after installation is completed.). Una omisión de autorización y una vulnerabilidad de inclusión de archivos locales PHP en el componente de instalación de SugarCRM versiones anteriores a 8.0, ... • https://support.sugarcrm.com/Documentation/Sugar_Versions/10.0/Pro/Sugar_10.0.0_Release_Notes • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 3CVE-2020-17373 – SugarCRM SQL Injection
https://notcve.org/view.php?id=CVE-2020-17373
12 Aug 2020 — SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. SugarCRM versiones anteriores a 10.1.0 (el Q3 2020), permite una inyección SQL SugarCRM versions prior to 10.1.10 suffer from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/158848 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2020-17372 – SugarCRM Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-17372
12 Aug 2020 — SugarCRM before 10.1.0 (Q3 2020) allows XSS. SugarCRM versiones anteriores a 10.1.0 (el Q3 2020), permite un ataque de tipo XSS SugarCRM versions prior to 10.1.10 suffer from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/158847 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 93%CPEs: 1EXPL: 2CVE-2012-0694 – SugarCRM CE 6.3.1 - 'Unserialize()' PHP Code Execution
https://notcve.org/view.php?id=CVE-2012-0694
29 Oct 2019 — SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. SugarCRM CE versiones anteriores a 6.3.1 incluyéndola, contiene scripts que usan la función "unserialize()" con entrada controlada por el usuario lo que permite a atacantes remotos ejecutar código PHP arbitrario. • https://www.exploit-db.com/exploits/19403 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17292
https://notcve.org/view.php?id=CVE-2019-17292
07 Oct 2019 — SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. SugarCRM versiones anteriores a 8.0.4 y versiones 9.x anteriores a 9.0.2, permite la inyección SQL en el módulo pmse_Inbox por parte de un usuario Admin. • https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17293
https://notcve.org/view.php?id=CVE-2019-17293
07 Oct 2019 — SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. SugarCRM versiones anteriores a 8.0.4 y versiones 9.x anteriores a 9.0.2, permite la inyección SQL en el módulo pmse_Project por parte de un usuario Regular. • https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-020 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17294
https://notcve.org/view.php?id=CVE-2019-17294
07 Oct 2019 — SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user. SugarCRM versiones anteriores a 8.0.4 y versiones 9.x anteriores a 9.0.2, permite la inyección SQL en la función export por parte de un usuario Regular. • https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-021 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •