Vendor: SugarCRM
By:
CVSS: 7.5 (HIGH)
CWE: Cross-site scripting, HTML injection, SQL injection, Directory traversal
Product Name: SugarCRM
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

SugarCRM Multiple Vulnerabilities

The vulnerabilities in SugarCRM are caused by insufficient sanitization of user-supplied input. An attacker can exploit these issues to perform various attacks including cross-site scripting, HTML injection, SQL injection, and directory traversal attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to apply the latest patches and updates provided by the vendor. Additionally, input validation and sanitization should be implemented to prevent the exploitation of user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11740/info

SugarCRM is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can allow a remote attacker to carry out cross-site scripting, HTML injection, SQL injection and directory traversal attacks.

index.php?action=DetailView&module=Accounts&record=[SQL]
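
The input validation recommended under Mitigation, applied to the `action`, `module` and `record` parameters of the request above, as an added example that is not SugarCRM's or the advisory's own code. The allowlists, table names, function names and the GUID format for `record` are assumptions, and the demo data is constructed.

```php
<?php
declare(strict_types=1);
// Hypothetical allowlists; assumption: record ids are 36-character GUIDs.
const MODULE_TABLES = ['Accounts' => 'accounts', 'Contacts' => 'contacts'];
const ALLOWED_ACTIONS = ['DetailView', 'EditView', 'ListView'];
const GUID_RE = '/\A[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\z/i';

/** Returns [table, action, record] or throws on any value outside the expected shape. */
function validate_request(array $q): array
{
    $module = $q['module'] ?? null;
    $action = $q['action'] ?? null;
    $record = $q['record'] ?? null;
    // Exact-match lookups: "../" sequences never reach a file path or table name.
    if (!is_string($module) || !array_key_exists($module, MODULE_TABLES)) {
        throw new InvalidArgumentException('module not allowed');
    }
    if (!is_string($action) || !in_array($action, ALLOWED_ACTIONS, true)) {
        throw new InvalidArgumentException('action not allowed');
    }
    if (!is_string($record) || preg_match(GUID_RE, $record) !== 1) {
        throw new InvalidArgumentException('record is not a GUID');
    }
    return [MODULE_TABLES[$module], $action, $record];
}

/** Looks the record up with a bound parameter and HTML-encodes the stored value for output. */
function render_name(PDO $db, string $table, string $record): ?string
{
    $stmt = $db->prepare("SELECT name FROM {$table} WHERE id = :id"); // $table is allowlisted
    $stmt->execute([':id' => $record]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8');
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE accounts (id TEXT PRIMARY KEY, name TEXT)');
$id = '1f0e5b7a-3c2d-4e6f-8a9b-0c1d2e3f4a5b';
$db->prepare('INSERT INTO accounts VALUES (?, ?)')->execute([$id, 'Acme <b>Ltd</b>']);
foreach ([$id, "abc' OR 'x'='x"] as $candidate) {
    try {
        $q = ['action' => 'DetailView', 'module' => 'Accounts', 'record' => $candidate];
        [$table, , $rec] = validate_request($q);
        echo render_name($db, $table, $rec), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The valid GUID prints the stored name with its markup encoded as text; the second, constructed value is rejected before any query is built.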