SugarCRM

SugarCRM is the world's leading provider of commercial open source customer relationship management (CRM) software for companies of all sizes. Sugar easily adapts to any business environment by offering a more flexible, cost-effective alternative than proprietary applications. SugarCRM's open source architecture allows companies to more easily customize and integrate customer-facing business processes in order to build and maintain more profitable relationships. SugarCRM offers several deployment options, including on-demand, on-premise and appliance-based solutions to suit customers' security, integration and configuration needs.


SugarCRM Security Vulnerabilities

  • Thu, 23 February 2012, 4.45


  • Sat, 03 December 2011, 2.50
    SugarCRM index.php Multiple Parameter SQL Injection
    SugarCRM contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'where' and 'order' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
    Solution: Upgrade to version 6.1.7, 6.2.4, 6.30RC3 or 6.4.0beta1 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

  • Sun, 22 May 2011, 5.04
    SugarCRM Multiple Script Direct Request Path Disclosure
    SugarCRM contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to multiple scripts, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
    Solution: Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by setting the PHP display_errors directive to Off, so that error messages (and the installation paths they contain) are no longer sent to the client.

  • Thu, 17 March 2011, 3.45
    SugarCRM Duplicate Accounts / Contacts Module ShowDuplicates Action Information Disclosure
    Solution: SOLUTION UNKNOWN!

  • Tue, 01 June 2010, 2.09
    SugarCRM Admin Account Creation CSRF
    SugarCRM contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as creating arbitrary users with administrative privileges. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
    Solution: SOLUTION UNKNOWN!

  • Wed, 17 March 2010, 23.40
    SugarCRM Document Creation Document Name XSS
    SugarCRM contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the document name parameter upon submission to the document creation functionality. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
    Solution: Upgrade to version 5.5.0a, 5.2.0l or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

  • Thu, 26 November 2009, 18.26
    SugarCRM Backup Functionality Access Restriction Weakness
    SugarCRM contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by a lack of restricted access to the backup functionality, which will disclose potentially sensitive information resulting in a loss of confidentiality.
    Solution: Upgrade to version 5.2.0k or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.