PT-2011-5133 · Sugarcrm · Sugarcrm

Publicado

2011-12-15

Atualizado

2018-10-09

CVE-2011-4833

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SugarCRM versions 6.1 through 6.1.6 SugarCRM versions 6.2 through 6.2.3 SugarCRM versions 6.3 through 6.3.0RC2 SugarCRM versions 6.4 through 6.4.0beta0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the where and order parameters in a get full list action to "index.php".

Recommendations For SugarCRM versions 6.1 through 6.1.6, update to version 6.1.7. For SugarCRM versions 6.2 through 6.2.3, update to version 6.2.4. For SugarCRM versions 6.3 through 6.3.0RC2, update to version 6.3.0RC3. For SugarCRM versions 6.4 through 6.4.0beta0, update to version 6.4.0beta1.

Exploit

Correção

RCE

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2011-4833

Produtos afetados

Sugarcrm

PT-2011-5133 · Sugarcrm · Sugarcrm

CVE-2011-4833

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13