Sql injection

2011-12-1503:57:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.7%

JSON

Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.

CPENameOperatorVersion
sugarcrmeq6.2.3
sugarcrmeq6.2.2
sugarcrmeq6.1.3
sugarcrmeq6.1.4
sugarcrmeq6.1.0
sugarcrmeq6.1.1
sugarcrmeq6.3.0 rc2
sugarcrmeq6.1.2
sugarcrmeq6.2.0
sugarcrmeq6.1.6

Name	Operator	Version
sugarcrm	eq	6.2.3
sugarcrm	eq	6.2.2
sugarcrm	eq	6.1.3
sugarcrm	eq	6.1.4
sugarcrm	eq	6.1.0
sugarcrm	eq	6.1.1
sugarcrm	eq	6.3.0 rc2
sugarcrm	eq	6.1.2
sugarcrm	eq	6.2.0
sugarcrm	eq	6.1.6