SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.

Published : 2019-10-07 16:15 Updated : 2019-10-10 13:29

CVSS Score More info
Score 6.5 / 10
Vendor Product Version URI
Sugarcrm Sugarcrm 9.0.0 cpe:/a:sugarcrm:sugarcrm:9.0.0::~~enterprise~~~
  1. Sugarcrm (1) Search CVE
    1. Sugarcrm (1) Search CVE
      1. 9.0.0


ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes

Date Event
2019-10-10 13:29
2019-10-07 16:16