SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sugarcrm | Sugarcrm | 1.0 (including) | 1.0 (including) |
| Sugarcrm | Sugarcrm | 1.0f (including) | 1.0f (including) |
| Sugarcrm | Sugarcrm | 1.0g (including) | 1.0g (including) |
| Sugarcrm | Sugarcrm | 1.1 (including) | 1.1 (including) |
| Sugarcrm | Sugarcrm | 1.1a (including) | 1.1a (including) |
| Sugarcrm | Sugarcrm | 1.1b (including) | 1.1b (including) |
| Sugarcrm | Sugarcrm | 1.1c (including) | 1.1c (including) |
| Sugarcrm | Sugarcrm | 1.1d (including) | 1.1d (including) |
| Sugarcrm | Sugarcrm | 1.1e (including) | 1.1e (including) |
| Sugarcrm | Sugarcrm | 1.1f (including) | 1.1f (including) |
| Sugarcrm | Sugarcrm | 1.5d (including) | 1.5d (including) |
| Sugarcrm | Sugarcrm | 2.0.1 (including) | 2.0.1 (including) |
| Sugarcrm | Sugarcrm | 2.0.1a (including) | 2.0.1a (including) |