Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2011-4833 - Vulnerability Database
SugarCRM

SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2011-4833

High
Reference: CVE-2011-4833
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-4833
Title: SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7 6.2 before 6.2.4 6.3 before 6.3.0RC3 and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.