cpe:/a:sugarcrm:sugarcrm:9.0.0::~~enterprise~~~ CVE-2019-17303 2019-10-07T12:15:12.477-04:00 2019-10-09T14:10:10.607-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2019-10-09T11:49:20.780-04:00 MISC https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-030/ SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user.