Vulnerabilities > Sugarcrm > Sugarcrm > 1.5d
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-03-16 | CVE-2011-0745 | Improper Input Validation vulnerability in Sugarcrm SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php. | 4.0 |
2009-08-27 | CVE-2009-2978 | SQL Injection vulnerability in Sugarcrm SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2005-01-10 | CVE-2004-1225 | Input Validation vulnerability in SugarCRM SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality. | 10.0 |
2005-01-01 | CVE-2005-0266 | Cross-Site Scripting vulnerability in SugarCRM Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter. network sugarcrm | 4.3 |