CVE-2017-14508
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.
Existe un problema en SugarCRM en versiones anteriores a la 7.7.2.3, en versiones 7.8.x anteriores a la 7.8.2.2 y en versiones 7.9.x anteriores a la 7.9.2.0 (y Sugar Community Edition 6.5.26). Se identificaron múltiples áreas en el módulo Documents and Emails que podrían permitir a un usuario autenticado ejecutar inyecciones SQL, tal y como se demuestra con el carácter barra invertida al final de un bean_id para modules/Emails/DetailView.php. Un atacante podría explotar estas vulnerabilidades mediante el envío de una petición SQL manipulada a las áreas afectadas. Un exploit podría permitir que el atacante modifique la base de datos SQL. Un escapado SQL correcto prevendría dicho exploit.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-17 CVE Reserved
- 2017-09-17 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://www.synology.com/support/security/Synology_SA_17_53_SugarCRM | X_refsource_confirm |
|
| URL | Date | SRC |
|---|---|---|
| https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-006 | 2017-12-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sugarcrm Search vendor "Sugarcrm" | Sugarcrm Search vendor "Sugarcrm" for product "Sugarcrm" | <= 7.7.2.2 Search vendor "Sugarcrm" for product "Sugarcrm" and version " <= 7.7.2.2" | - |
Affected
| ||||||
| Sugarcrm Search vendor "Sugarcrm" | Sugarcrm Search vendor "Sugarcrm" for product "Sugarcrm" | 6.5.26 Search vendor "Sugarcrm" for product "Sugarcrm" and version "6.5.26" | community |
Affected
| ||||||
| Sugarcrm Search vendor "Sugarcrm" | Sugarcrm Search vendor "Sugarcrm" for product "Sugarcrm" | 7.8.0.0 Search vendor "Sugarcrm" for product "Sugarcrm" and version "7.8.0.0" | - |
Affected
| ||||||
| Sugarcrm Search vendor "Sugarcrm" | Sugarcrm Search vendor "Sugarcrm" for product "Sugarcrm" | 7.8.0.1 Search vendor "Sugarcrm" for product "Sugarcrm" and version "7.8.0.1" | - |
Affected
| ||||||
| Sugarcrm Search vendor "Sugarcrm" | Sugarcrm Search vendor "Sugarcrm" for product "Sugarcrm" | 7.8.1.0 Search vendor "Sugarcrm" for product "Sugarcrm" and version "7.8.1.0" | - |
Affected
| ||||||
| Sugarcrm Search vendor "Sugarcrm" | Sugarcrm Search vendor "Sugarcrm" for product "Sugarcrm" | 7.8.2.0 Search vendor "Sugarcrm" for product "Sugarcrm" and version "7.8.2.0" | - |
Affected
| ||||||
| Sugarcrm Search vendor "Sugarcrm" | Sugarcrm Search vendor "Sugarcrm" for product "Sugarcrm" | 7.8.2.1 Search vendor "Sugarcrm" for product "Sugarcrm" and version "7.8.2.1" | - |
Affected
| ||||||
| Sugarcrm Search vendor "Sugarcrm" | Sugarcrm Search vendor "Sugarcrm" for product "Sugarcrm" | 7.9.0.0 Search vendor "Sugarcrm" for product "Sugarcrm" and version "7.9.0.0" | - |
Affected
| ||||||
| Sugarcrm Search vendor "Sugarcrm" | Sugarcrm Search vendor "Sugarcrm" for product "Sugarcrm" | 7.9.0.1 Search vendor "Sugarcrm" for product "Sugarcrm" and version "7.9.0.1" | - |
Affected
| ||||||
| Sugarcrm Search vendor "Sugarcrm" | Sugarcrm Search vendor "Sugarcrm" for product "Sugarcrm" | 7.9.1.0 Search vendor "Sugarcrm" for product "Sugarcrm" and version "7.9.1.0" | - |
Affected
| ||||||