PT-2019-15080 · Sugarcrm · Sugarcrm
Published
2019-10-07
·
Updated
2022-12-02
·
CVE-2019-17317
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SugarCRM versions prior to 8.0.4
SugarCRM versions 9.x prior to 9.0.2
Description
The issue allows PHP object injection in the UpgradeWizard module by an Admin user.
Recommendations
For SugarCRM versions prior to 8.0.4, update to version 8.0.4 or later.
For SugarCRM versions 9.x prior to 9.0.2, update to version 9.0.2 or later.
Fix
Prototype Pollution
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sugarcrm