Description
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.