SugarCRM Community Edition 'index.php' Multiple SQL Injection Vulnerabilities

Bugtraq ID:	50870
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 30 2011 12:00AM
Updated:	Nov 30 2011 12:00AM
Credit:	High-Tech Bridge SA Security Research Lab
Vulnerable:	SugarCRM SugarCRM Community Edition 6.3.0RC1
Not Vulnerable:	SugarCRM SugarCRM Community Edition 6.4.0

SugarCRM Community Edition 'index.php' Multiple SQL Injection Vulnerabilities

SugarCRM Community Edition is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SugarCRM Community Edition 6.3.0RC1 is vulnerable; other versions may also be affected.

SugarCRM Community Edition 'index.php' Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/index.php?entryPoint=json&action=get_full_list&module=Leads&where=0%29%20union%20select%20version%28%29,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71%20--%20

http://www.example.com/index.php?entryPoint=json&action=get_full_list&module=Leads&order=SQL_CODE_HERE%20--%20

SugarCRM Community Edition 'index.php' Multiple SQL Injection Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

SugarCRM Community Edition 'index.php' Multiple SQL Injection Vulnerabilities

References:

• Sql injection in SugarCRM (High-Tech Bridge SA Security Research Lab)
  
• SugarCRM Homepage (SugarCRM)