Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2011-12-14 19:57
Updated : 2018-10-09 12:33
NVD link : CVE-2011-4833
Mitre link : CVE-2011-4833
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
sugarcrm
- sugarcrm