SQL Injection Vulnerabilities in SugarCRM Leads Module
CVE-2011-4833 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.