CVE-2009-2978: SQL Injection
First published: Thu Aug 27 2009(Updated: )
SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SugarCRM | =1.5d | |
| SugarCRM | =5.0.0 | |
| SugarCRM | =4.2.1 | |
| SugarCRM | =4.5.0f | |
| SugarCRM | =1.1a | |
| SugarCRM | =4.0 | |
| SugarCRM | =5.2d | |
| SugarCRM | =3.5.1 | |
| SugarCRM | =1.1b | |
| SugarCRM | =4.0.1 | |
| SugarCRM | =4.1 | |
| SugarCRM | =1.0g | |
| SugarCRM | =4.5.1 | |
| SugarCRM | =4.5.0 | |
| SugarCRM | <=4.5.1o | |
| SugarCRM | =5.2a | |
| SugarCRM | =2.0.1c | |
| SugarCRM | =1.1e | |
| SugarCRM | =2.0.1 | |
| SugarCRM | =5.2f | |
| SugarCRM | <=5.2.0g | |
| SugarCRM | =3.5 | |
| SugarCRM | =5.2c | |
| SugarCRM | =1.1c | |
| SugarCRM | =1.1f | |
| SugarCRM | =1.0 | |
| SugarCRM | =5.2e | |
| SugarCRM | <=5.0.0k | |
| SugarCRM | =2.0.1a | |
| SugarCRM | =1.1d | |
| SugarCRM | =3.0.1 | |
| SugarCRM | =1.0f | |
| SugarCRM | =5.2e | |
| SugarCRM | =5.0.0h | |
| SugarCRM | =1.1 | |
| SugarCRM | =4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html
- http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html
- http://jvn.jp/en/jp/JVN31035930/index.html
- http://secunia.com/advisories/36423
- http://www.sugarcrm.com/forums/showthread.php?t=50953
- http://www.sugarcrm.com/forums/showthread.php?t=50907
- http://www.securityfocus.com/bid/36118
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52679
Frequently Asked Questions
What is the severity of CVE-2009-2978?
CVE-2009-2978 has a medium severity rating, allowing potential remote exploitation.
How do I fix CVE-2009-2978?
To fix CVE-2009-2978, upgrade to SugarCRM versions 4.5.1p, 5.0.0l, or 5.2.0h or later.
What versions of SugarCRM are affected by CVE-2009-2978?
CVE-2009-2978 affects SugarCRM versions 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier.
What type of vulnerability is CVE-2009-2978?
CVE-2009-2978 is an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands.
Can CVE-2009-2978 be exploited remotely?
Yes, CVE-2009-2978 can be exploited remotely, allowing attackers to gain unauthorized access to the database.
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sugarcrm
- canonical/sugarcrm
- version/sugarcrm/1.5d
- version/sugarcrm/5.0.0
- version/sugarcrm/4.2.1
- version/sugarcrm/4.5.0f
- version/sugarcrm/1.1a
- version/sugarcrm/4.0
- version/sugarcrm/5.2d
- version/sugarcrm/3.5.1
- version/sugarcrm/1.1b
- version/sugarcrm/4.0.1
- version/sugarcrm/4.1
- version/sugarcrm/1.0g
- version/sugarcrm/4.5.1
- version/sugarcrm/4.5.0
- version/sugarcrm/4.5.1o
- version/sugarcrm/5.2a
- version/sugarcrm/2.0.1c
- version/sugarcrm/1.1e
- version/sugarcrm/2.0.1
- version/sugarcrm/5.2f
- version/sugarcrm/5.2.0g
- version/sugarcrm/3.5
- version/sugarcrm/5.2c
- version/sugarcrm/1.1c
- version/sugarcrm/1.1f
- version/sugarcrm/1.0
- version/sugarcrm/5.2e
- version/sugarcrm/5.0.0k
- version/sugarcrm/2.0.1a
- version/sugarcrm/1.1d
- version/sugarcrm/3.0.1
- version/sugarcrm/1.0f
- version/sugarcrm/5.0.0h
- version/sugarcrm/1.1
- version/sugarcrm/4.2