Lucene search

[email protected]CVE-2011-4833

HistoryDec 15, 2011 - 3:57 a.m.

CVE-2011-4833

2011-12-1503:57:34

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

sugarcrm

security

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.7%

JSON

Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.

Affected configurations

NVD

Node

sugarcrmsugarcrmMatch6.1.0

sugarcrmsugarcrmMatch6.1.1

sugarcrmsugarcrmMatch6.1.2

sugarcrmsugarcrmMatch6.1.3

sugarcrmsugarcrmMatch6.1.4

sugarcrmsugarcrmMatch6.1.5

sugarcrmsugarcrmMatch6.1.6

sugarcrmsugarcrmMatch6.2.0

sugarcrmsugarcrmMatch6.2.1

sugarcrmsugarcrmMatch6.2.2

sugarcrmsugarcrmMatch6.2.3

sugarcrmsugarcrmMatch6.3.0rc1

sugarcrmsugarcrmMatch6.3.0rc2

sugarcrmsugarcrmMatch6.4

CPENameOperatorVersion
sugarcrm:sugarcrmsugarcrmeq6.1.0
sugarcrm:sugarcrmsugarcrmeq6.1.1
sugarcrm:sugarcrmsugarcrmeq6.1.2
sugarcrm:sugarcrmsugarcrmeq6.1.3
sugarcrm:sugarcrmsugarcrmeq6.1.4
sugarcrm:sugarcrmsugarcrmeq6.1.5
sugarcrm:sugarcrmsugarcrmeq6.1.6
sugarcrm:sugarcrmsugarcrmeq6.2.0
sugarcrm:sugarcrmsugarcrmeq6.2.1
sugarcrm:sugarcrmsugarcrmeq6.2.2

CPE	Name	Operator	Version
sugarcrm:sugarcrm	sugarcrm	eq	6.1.0
sugarcrm:sugarcrm	sugarcrm	eq	6.1.1
sugarcrm:sugarcrm	sugarcrm	eq	6.1.2
sugarcrm:sugarcrm	sugarcrm	eq	6.1.3
sugarcrm:sugarcrm	sugarcrm	eq	6.1.4
sugarcrm:sugarcrm	sugarcrm	eq	6.1.5
sugarcrm:sugarcrm	sugarcrm	eq	6.1.6
sugarcrm:sugarcrm	sugarcrm	eq	6.2.0
sugarcrm:sugarcrm	sugarcrm	eq	6.2.1
sugarcrm:sugarcrm	sugarcrm	eq	6.2.2

Rows per page:

1-10 of 131

References

secunia.com/advisories/47011

securitytracker.com/id?1026369

www.osvdb.org/77459

www.securityfocus.com/archive/1/520685/100/0/threaded

www.sugarcrm.com/crm/support/bugs.html#issue_47800

www.sugarcrm.com/crm/support/bugs.html#issue_47805

www.sugarcrm.com/crm/support/bugs.html#issue_47806

www.sugarcrm.com/crm/support/bugs.html#issue_47839

exchange.xforce.ibmcloud.com/vulnerabilities/71586

www.htbridge.ch/advisory/sql_injection_in_sugarcrm.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.7%

JSON

Related for CVE-2011-4833

prion1 cvelist1 htbridge1 nvd1