CVE Tools

sugarcrm

Enterprise SoftwareUScommercial

52

Cumulative CVEs

11

Monthly snapshots

#24

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting sugarcrm.

CVE-2024-58258SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.7.2Jul 13, 2025
CVE-2023-46816An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted req...8.8Oct 27, 2023
CVE-2023-46815An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP ...8.8Oct 27, 2023
CVE-2023-35811An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can b...8.8Jun 17, 2023
CVE-2023-35810An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted r...7.2Jun 17, 2023
CVE-2023-35809An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP co...8.8Jun 17, 2023
CVE-2023-35808An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, cu...8.8Jun 17, 2023
CVE-2023-22952In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.KEV8.8Jan 11, 2023
CVE-2020-28955SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via...5.4Oct 22, 2021
CVE-2020-28956Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary a...5.4Oct 22, 2021
CVE-2020-36501Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary...5.4Oct 22, 2021
CVE-2020-7472An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthen...9.8Nov 12, 2020
CVE-2020-17373SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.5.3Aug 12, 2020
CVE-2020-17372SugarCRM before 10.1.0 (Q3 2020) allows XSS.5.4Aug 12, 2020
CVE-2012-0694SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.9.8Oct 29, 2019