Skip to main content

Sugarcrm CVE-2019-17295

HIGH
SQL Injection (CWE-89)
2019-10-07 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 07, 2019 - 16:15 nvd
HIGH 8.8

DescriptionNVD

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user.

AnalysisAI

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. Affected products include: Sugarcrm. Version information: before 8.0.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2023-22952 HIGH POC
8.8 Jan 11

In SugarCRM before 12.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexi

CVE-2018-6308 CRITICAL POC
9.8 Jan 25

Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaign

CVE-2017-14509 HIGH POC
8.8 Sep 17

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community

CVE-2017-14508 HIGH POC
8.8 Sep 17

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community

CVE-2015-5946 HIGH POC
7.8 Aug 07

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uplo

CVE-2017-14510 MEDIUM POC
6.1 Sep 17

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community

CVE-2019-14974 MEDIUM POC
6.1 Aug 14

SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. Rated medium severity (CVSS

CVE-2018-17784 MEDIUM POC
6.1 Oct 10

Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthentic

CVE-2018-5715 MEDIUM POC
6.1 Jan 16

phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). Rated medium sever

CVE-2020-7472 CRITICAL
9.8 Nov 12

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8

CVE-2020-17372 MEDIUM POC
5.4 Aug 12

SugarCRM before 10.1.0 (Q3 2020) allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitabl

CVE-2020-17373 MEDIUM POC
5.3 Aug 12

SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely

Share

CVE-2019-17295 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy