Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2011-12-15T02:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2011-12-14T00:00:00
Link: CVE-2011-4833
JSON object: View
NVD Information
Status : Modified
Published: 2011-12-15T03:57:34.967
Modified: 2018-10-09T19:33:36.077
Link: CVE-2011-4833
JSON object: View
Redhat Information
No data.
CWE