Description

Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.

Remediation

References

CVE-2011-4833

Related Vulnerabilities

WordPress Plugin Google Drive for WordPress Arbitrary File Deletion (2.2)

WordPress Plugin SEO SearchTerms Tagging 2 Multiple Vulnerabilities (1.535)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-39151)

WordPress Plugin Motors-Car Dealer & Classified Ads Multiple Vulnerabilities (1.4.0)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16738)

Severity

High

Classification

CVE-2011-4833 CWE-138

Tags

Missing Update Known Vulnerabilities