Description
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.
References (3)
Core 3
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2020/Aug/9
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/158848/SugarCRM-SQL-Injection.html
Release Notes, Vendor Advisory x_refsource_misc
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2020-051/
Scores
CVSS v3
5.3
EPSS
0.0144
EPSS Percentile
70.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (1)
sugarcrm/sugarcrm
< 10.1.0
Published
Aug 12, 2020
Tracked Since
Feb 18, 2026