CVE-2011-4833

N/A Unknown

Published: December 15, 2011 Modified: April 29, 2026

Description

Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/47011

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1026369

Source: cve@mitre.org

Exploit

http://www.osvdb.org/77459

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/520685/100/0/threaded

Source: cve@mitre.org

http://www.sugarcrm.com/crm/support/bugs.html#issue_47800

Source: cve@mitre.org

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47805

Source: cve@mitre.org

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47806

Source: cve@mitre.org

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47839

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/71586

Source: cve@mitre.org

https://www.htbridge.ch/advisory/sql_injection_in_sugarcrm.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/47011

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1026369

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.osvdb.org/77459

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/520685/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.sugarcrm.com/crm/support/bugs.html#issue_47800

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47805

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47806

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.sugarcrm.com/crm/support/bugs.html#issue_47839

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/71586

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.htbridge.ch/advisory/sql_injection_in_sugarcrm.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

20 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

2.0%

79th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-89

Affected Vendors

sugarcrm

Related CVEs

CVE-2026-9677 N/A

CVE-2026-13245 6.1

CVE-2026-12404 5.3

CVE-2026-10820 N/A

CVE-2026-12415 9.8