Description
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
References
- Vendor Advisory
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
Vulnerable configurations
Configuration 1
Any of
cpe:2.3:a:sugarcrm:sugarcrm:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.1.4:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.1.5:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.1.6:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.4:*:*:*:*:*:*:*
EPSS
Percentile: 78%
0.01125
Low
7.5 High
CVSS2
Weaknesses
CWE-89
Related vulnerabilities
debian
about 14 years ago
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM ...
github
more than 3 years ago
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.