SQL Injection Vulnerabilities in SugarCRM Leads Module

SQL Injection Vulnerabilities in SugarCRM Leads Module

CVE-2011-4833 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.