SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability

Join the Telegram channelTelegram

Posted by Egidio Romano on Aug 11

SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability

*• Software Link:*

https://www.sugarcrm.com

*• Affected Versions:*

All versions prior to 10.1.0 (Q3 2020).

*• Vulnerability Description:*

User input passed through the encoded “current_post” parameter to
‘index.php’ (when “entryPoint” is set to “export” and “module” is set to
“Reports”) is not properly sanitized before being used to construct a…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Want to Support the Site, Become a Patron!

Original Source