A vulnerability was reported in SugarCRM. A remote authenticated user can inject SQL commands.
The software does not properly validate user-supplied input. A remote authenticated user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
Some demonstration exploit URLs are provided:
The original advisory is available at:
High-Tech Bridge SA Security Research Lab reported this vulnerability.