Vulnerabilities > Sugarcrm > Sugarcrm > 4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-03-16 | CVE-2011-0745 | Improper Input Validation vulnerability in Sugarcrm SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php. | 4.0 |
| 2009-08-27 | CVE-2009-2978 | SQL Injection vulnerability in Sugarcrm SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2006-05-19 | CVE-2006-2460 | Remote and Local File Include vulnerability in Sugar Suite Open Source Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter. | 6.4 |