SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-6308 - Vulnerability Database

Critical
Reference: CVE-2018-6308
Title: SugarCRM Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules/Campaigns/Tracker.php and modules/Campaigns/utils.php, the default_currency_name parameter to modules/Configurator/controller.php and modules/Currencies/Currency.php, the duplicate parameter to modules/Contacts/ShowDuplicates.php, the mergecur parameter to modules/Currencies/index.php and modules/Opportunities/Opportunity.php, and the load_signed_id parameter to modules/Documents/Document.php.