Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 prior to 6.1.7, 6.2 prior to 6.2.4, 6.3 prior to 6.3.0RC3, and 6.4 prior to 6.4.0beta1 allow remote malicious users to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
sugarcrm sugarcrm 6.2.1 |
||
sugarcrm sugarcrm 6.2.2 |
||
sugarcrm sugarcrm 6.1.3 |
||
sugarcrm sugarcrm 6.1.4 |
||
sugarcrm sugarcrm 6.3.0 |
||
sugarcrm sugarcrm 6.1.0 |
||
sugarcrm sugarcrm 6.4 |
||
sugarcrm sugarcrm 6.2.3 |
||
sugarcrm sugarcrm 6.1.5 |
||
sugarcrm sugarcrm 6.1.6 |
||
sugarcrm sugarcrm 6.2.0 |
||
sugarcrm sugarcrm 6.1.1 |
||
sugarcrm sugarcrm 6.1.2 |
Vulmon