CVE-2009-2978

Опубликовано: 27 авг. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*

Версия до 4.5.1o (включая)

cpe:2.3:a:sugarcrm:sugarcrm:*:*:sugar_community_edition:*:*:*:*:*

Версия до 5.0.0k (включая)

cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*

Версия до 5.2.0g (включая)

cpe:2.3:a:sugarcrm:sugarcrm:1.0:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:1.0f:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:1.0g:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:1.1:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:1.1a:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:1.1b:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:1.1c:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:1.1d:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:1.1e:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:1.1f:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:1.5d:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:2.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:2.0.1c:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:3.5:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:4.0:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:4.1:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:4.2:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:4.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:4.5.0f:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:4.5.1:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:5.0.0:*:sugar_community_edition:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:5.0.0h:*:sugar_community_edition:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:5.2a:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:5.2c:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:5.2d:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:*:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:sugar_community_edition:*:*:*:*:*

cpe:2.3:a:sugarcrm:sugarcrm:5.2f:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00836

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2009-2978

ubuntu

больше 16 лет назад

SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-2978

debian

больше 16 лет назад

SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...

GHSA-9wv5-pprm-9xw9

github

больше 3 лет назад

SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

EPSS

Процентиль: 74%

0.00836

Низкий

7.5 High

CVSS2

Дефекты

CWE-89