Vulnerability Description
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sugarcrm | Sugarcrm | 6.1.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/47011Vendor Advisory
- http://securitytracker.com/id?1026369Exploit
- http://www.osvdb.org/77459Exploit
- http://www.securityfocus.com/archive/1/520685/100/0/threaded
- http://www.sugarcrm.com/crm/support/bugs.html#issue_47800Exploit
- http://www.sugarcrm.com/crm/support/bugs.html#issue_47805Exploit
- http://www.sugarcrm.com/crm/support/bugs.html#issue_47806Exploit
- http://www.sugarcrm.com/crm/support/bugs.html#issue_47839Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71586
- https://www.htbridge.ch/advisory/sql_injection_in_sugarcrm.htmlExploit
- http://secunia.com/advisories/47011Vendor Advisory
- http://securitytracker.com/id?1026369Exploit
- http://www.osvdb.org/77459Exploit
- http://www.securityfocus.com/archive/1/520685/100/0/threaded
- http://www.sugarcrm.com/crm/support/bugs.html#issue_47800Exploit
FAQ
What is CVE-2011-4833?
CVE-2011-4833 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQ...
How severe is CVE-2011-4833?
CVE-2011-4833 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4833?
Check the references section above for vendor advisories and patch information. Affected products include: Sugarcrm Sugarcrm.