CVE-2018-6308

Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modulesCampaignsTracker.php and modulesCampaignsutils.php, the default_currency_name parameter to modulesConfiguratorcontroller.php and modulesCurrenciesCurrency.php, the duplicate parameter to modulesContactsShowDuplicates.php, the mergecur parameter to modulesCurrenciesindex.php and modulesOpportunitiesOpportunity.php, and the load_signed_id parameter to modulesDocumentsDocument.php.
Configurations

Configuration 1

cpe:2.3:a:sugarcrm:sugarcrm:6.5.26:*:*:*:community:*:*:*

Information

Published : 2018-01-25 08:29

Updated : 2018-02-12 06:37


NVD link : CVE-2018-6308

Mitre link : CVE-2018-6308

Products Affected
No products.
CWE