Home

CVE-2019-17301

Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user.

Risk Information

Base Score
7.2
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.418

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in SugarCRM 7.9.4.99Windows
Multiple Vulnerabilities are affected in SugarCRM 8.0.3Windows
Multiple Vulnerabilities are affected in SugarCRM 9.0.1Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234