CVE-2009-2978 Information

Description

SQL injection vulnerability in SugarCRM 4.5.1o and earlier 5.0.0k and earlier and 5.2.0g and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Reference

http://jvn.jp/en/jp/JVN31035930/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html http://secunia.com/advisories/36423 http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html http://www.securityfocus.com/bid/36118 http://www.sugarcrm.com/forums/showthread.php?t=50907 http://www.sugarcrm.com/forums/showthread.php?t=50953 https://exchange.xforce.ibmcloud.com/vulnerabilities/52679