cpe:/a:sugarcrm:sugarcrm:9.0.0::~~enterprise~~~ CVE-2019-17306 2019-10-07T12:15:12.663-04:00 2019-10-09T14:04:01.760-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2019-10-09T10:04:07.193-04:00 MISC https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-033/ SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user.