CVE-2011-4833

Published: Dec 15, 2011Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.

Affected (14)

Products: Sugarcrm: Sugarcrm

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Sugarcrm Sugarcrm	Version 6.1.0
Sugarcrm Sugarcrm	Version 6.1.1
Sugarcrm Sugarcrm	Version 6.1.2
Sugarcrm Sugarcrm	Version 6.1.3
Sugarcrm Sugarcrm	Version 6.1.4
Sugarcrm Sugarcrm	Version 6.1.5
Sugarcrm Sugarcrm	Version 6.1.6
Sugarcrm Sugarcrm	Version 6.2.0
Sugarcrm Sugarcrm	Version 6.2.1
Sugarcrm Sugarcrm	Version 6.2.2
Sugarcrm Sugarcrm	Version 6.2.3
Sugarcrm Sugarcrm	Version 6.3.0 rc1
Sugarcrm Sugarcrm	Version 6.3.0 rc2
Sugarcrm Sugarcrm	Version 6.4

Related CWEs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (20)

http://secunia.com/advisories/47011

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1026369

Source: cve@mitre.org

Exploit

http://www.osvdb.org/77459

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/520685/100/0/threaded

Source: cve@mitre.org

http://www.sugarcrm.com/crm/support/bugs.html#issue_47800

Source: cve@mitre.org

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47805

Source: cve@mitre.org

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47806

Source: cve@mitre.org

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47839

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/71586

Source: cve@mitre.org

https://www.htbridge.ch/advisory/sql_injection_in_sugarcrm.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/47011

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1026369

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.osvdb.org/77459

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/520685/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.sugarcrm.com/crm/support/bugs.html#issue_47800

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47805

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47806

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47839

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/71586

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.htbridge.ch/advisory/sql_injection_in_sugarcrm.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.