Description
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
Remediation
References