cvelistv5 - cve-2009-2978

CVE-2009-2978 (GCVE-0-2009-2978)

Vulnerability from cvelistv5 – Published: 2009-08-27 18:00 – Updated: 2024-08-07 06:07

Summary

SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-0…	third-party-advisoryx_refsource_JVNDB
	http://www.sugarcrm.com/forums/showthread.php?t=50907	x_refsource_CONFIRM
	http://www.ipa.go.jp/security/vuln/documents/2009…	x_refsource_MISC
	http://www.sugarcrm.com/forums/showthread.php?t=50953	x_refsource_CONFIRM
	http://secunia.com/advisories/36423	third-party-advisoryx_refsource_SECUNIA
	http://jvn.jp/en/jp/JVN31035930/index.html	third-party-advisoryx_refsource_JVN
	http://www.securityfocus.com/bid/36118	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:07:37.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sugarcrm-unspecified-sql-injection(52679)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52679"
          },
          {
            "name": "JVNDB-2009-000056",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.sugarcrm.com/forums/showthread.php?t=50907"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.sugarcrm.com/forums/showthread.php?t=50953"
          },
          {
            "name": "36423",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36423"
          },
          {
            "name": "JVN#31035930",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN31035930/index.html"
          },
          {
            "name": "36118",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36118"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "sugarcrm-unspecified-sql-injection(52679)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52679"
        },
        {
          "name": "JVNDB-2009-000056",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.sugarcrm.com/forums/showthread.php?t=50907"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.sugarcrm.com/forums/showthread.php?t=50953"
        },
        {
          "name": "36423",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36423"
        },
        {
          "name": "JVN#31035930",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN31035930/index.html"
        },
        {
          "name": "36118",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36118"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2978",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sugarcrm-unspecified-sql-injection(52679)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52679"
            },
            {
              "name": "JVNDB-2009-000056",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html"
            },
            {
              "name": "http://www.sugarcrm.com/forums/showthread.php?t=50907",
              "refsource": "CONFIRM",
              "url": "http://www.sugarcrm.com/forums/showthread.php?t=50907"
            },
            {
              "name": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html",
              "refsource": "MISC",
              "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html"
            },
            {
              "name": "http://www.sugarcrm.com/forums/showthread.php?t=50953",
              "refsource": "CONFIRM",
              "url": "http://www.sugarcrm.com/forums/showthread.php?t=50953"
            },
            {
              "name": "36423",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36423"
            },
            {
              "name": "JVN#31035930",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN31035930/index.html"
            },
            {
              "name": "36118",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36118"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2978",
    "datePublished": "2009-08-27T18:00:00",
    "dateReserved": "2009-08-27T00:00:00",
    "dateUpdated": "2024-08-07T06:07:37.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.5.1o\", \"matchCriteriaId\": \"E53F4C99-9892-4E15-AC43-7C350F84B5D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:*:*:sugar_community_edition:*:*:*:*:*\", \"versionEndIncluding\": \"5.0.0k\", \"matchCriteriaId\": \"5C668E68-AA42-4D18-9C9D-45D1C73F5C81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.2.0g\", \"matchCriteriaId\": \"7A97B4C9-4510-4970-AD03-1106294A4FBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4107E934-D5CF-4ABF-8CB6-0DA90F3D9A74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.0f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85742E7F-C06C-46A5-9008-245BE6E4E0BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.0g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B820A83B-0F03-4523-9D4D-3EB2930B35F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49FA30E3-7572-4BCC-8EFA-9D259DF892E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFBB2BDD-5FA2-40E1-9395-A9DED672E3FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.1b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"022D7E5E-BCBC-4E14-9C0D-50E5DD237D76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.1c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22E73109-5473-417C-A003-7C1EE1DC3ABC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.1d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F183CCFF-6D5B-43E7-A70F-E9AEA6E46880\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.1e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DA73438-7BA5-4668-90E2-2EECDBBB58A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.1f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6C3E6DF-AE5C-4D7F-99B3-16C3967A6A60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:1.5d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BF53885-8C5B-4654-AB42-587290E58355\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A197BD9-85DD-47F2-B30B-6C7F372F6DCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:2.0.1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42F2BB29-5136-4F23-8D1B-0507A5FCBF13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:2.0.1c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"603F5E29-5D0B-4872-A125-D7B1CD77BACA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"687D4794-4163-4EC8-9673-47E5EF216371\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12DAF9EB-FED5-482D-820E-553E9057B92E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:3.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6842129-2DF6-47C9-8960-BF39D1A337C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DF5360C-C07C-413A-9B8C-50907187DAC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DED8B842-AAEB-4227-A2D3-64229F4B9FA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4525F5B5-E268-4B50-8244-E8829C106FA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28098D0F-B3E2-470E-92B1-C9138A664496\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35F7EFEF-004A-458A-9B3C-3B1B654C6C11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:4.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACB97DBC-4525-4227-9698-4B05140CCAB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:4.5.0f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58854312-8672-4399-83FB-DF12DF6052F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:4.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13A8BAEB-B6E3-48AF-90E8-28D7146115AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:5.0.0:*:sugar_community_edition:*:*:*:*:*\", \"matchCriteriaId\": \"6FEB4B61-0F95-45CA-AB7A-BA07FF2FCA82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:5.0.0h:*:sugar_community_edition:*:*:*:*:*\", \"matchCriteriaId\": \"B23F68DA-DFB0-42E1-959A-F7A68AA83BC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:5.2a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"439E75C4-C02D-4905-9D73-CE27D6A54C5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:5.2c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BF95EA0-16E7-4173-AEC8-D66A3F8FB62B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:5.2d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFA524F8-A78F-414A-A5AC-1A89901BD917\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFCC9802-4642-4331-9D56-4E1F76151E24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:sugar_community_edition:*:*:*:*:*\", \"matchCriteriaId\": \"0B6D79D5-2E61-4C1F-906B-EB16F0D97586\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sugarcrm:sugarcrm:5.2f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7922DB4E-9812-4636-A61D-8D201CE92D93\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n SQL en SugarCRM v4.5.1o y anteriores, v5.0.0k y anteriores, y v5.2.0g y anteriores, permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2009-2978",
      "lastModified": "2024-11-21T01:06:12.317",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-08-27T18:30:00.453",
      "references": "[{\"url\": \"http://jvn.jp/en/jp/JVN31035930/index.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/36423\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/36118\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.sugarcrm.com/forums/showthread.php?t=50907\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.sugarcrm.com/forums/showthread.php?t=50953\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/52679\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://jvn.jp/en/jp/JVN31035930/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/36423\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/36118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.sugarcrm.com/forums/showthread.php?t=50907\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.sugarcrm.com/forums/showthread.php?t=50953\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/52679\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2978\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-08-27T18:30:00.453\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en SugarCRM v4.5.1o y anteriores, v5.0.0k y anteriores, y v5.2.0g y anteriores, permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.5.1o\",\"matchCriteriaId\":\"E53F4C99-9892-4E15-AC43-7C350F84B5D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:*:*:sugar_community_edition:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.0k\",\"matchCriteriaId\":\"5C668E68-AA42-4D18-9C9D-45D1C73F5C81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.0g\",\"matchCriteriaId\":\"7A97B4C9-4510-4970-AD03-1106294A4FBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4107E934-D5CF-4ABF-8CB6-0DA90F3D9A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.0f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85742E7F-C06C-46A5-9008-245BE6E4E0BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.0g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B820A83B-0F03-4523-9D4D-3EB2930B35F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49FA30E3-7572-4BCC-8EFA-9D259DF892E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFBB2BDD-5FA2-40E1-9395-A9DED672E3FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"022D7E5E-BCBC-4E14-9C0D-50E5DD237D76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22E73109-5473-417C-A003-7C1EE1DC3ABC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.1d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F183CCFF-6D5B-43E7-A70F-E9AEA6E46880\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.1e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA73438-7BA5-4668-90E2-2EECDBBB58A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.1f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6C3E6DF-AE5C-4D7F-99B3-16C3967A6A60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:1.5d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BF53885-8C5B-4654-AB42-587290E58355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A197BD9-85DD-47F2-B30B-6C7F372F6DCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:2.0.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42F2BB29-5136-4F23-8D1B-0507A5FCBF13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:2.0.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"603F5E29-5D0B-4872-A125-D7B1CD77BACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"687D4794-4163-4EC8-9673-47E5EF216371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12DAF9EB-FED5-482D-820E-553E9057B92E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6842129-2DF6-47C9-8960-BF39D1A337C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DF5360C-C07C-413A-9B8C-50907187DAC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DED8B842-AAEB-4227-A2D3-64229F4B9FA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4525F5B5-E268-4B50-8244-E8829C106FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28098D0F-B3E2-470E-92B1-C9138A664496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35F7EFEF-004A-458A-9B3C-3B1B654C6C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACB97DBC-4525-4227-9698-4B05140CCAB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:4.5.0f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58854312-8672-4399-83FB-DF12DF6052F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:4.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13A8BAEB-B6E3-48AF-90E8-28D7146115AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:5.0.0:*:sugar_community_edition:*:*:*:*:*\",\"matchCriteriaId\":\"6FEB4B61-0F95-45CA-AB7A-BA07FF2FCA82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:5.0.0h:*:sugar_community_edition:*:*:*:*:*\",\"matchCriteriaId\":\"B23F68DA-DFB0-42E1-959A-F7A68AA83BC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:5.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"439E75C4-C02D-4905-9D73-CE27D6A54C5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:5.2c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BF95EA0-16E7-4173-AEC8-D66A3F8FB62B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:5.2d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFA524F8-A78F-414A-A5AC-1A89901BD917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFCC9802-4642-4331-9D56-4E1F76151E24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:sugar_community_edition:*:*:*:*:*\",\"matchCriteriaId\":\"0B6D79D5-2E61-4C1F-906B-EB16F0D97586\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sugarcrm:sugarcrm:5.2f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7922DB4E-9812-4636-A61D-8D201CE92D93\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN31035930/index.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36423\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/36118\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.sugarcrm.com/forums/showthread.php?t=50907\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.sugarcrm.com/forums/showthread.php?t=50953\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52679\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://jvn.jp/en/jp/JVN31035930/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/36118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.sugarcrm.com/forums/showthread.php?t=50907\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.sugarcrm.com/forums/showthread.php?t=50953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-9WV5-PPRM-9XW9

Vulnerability from github – Published: 2022-05-02 03:40 – Updated: 2022-05-02 03:40

Details

SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2978"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-08-27T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
  "id": "GHSA-9wv5-pprm-9xw9",
  "modified": "2022-05-02T03:40:32Z",
  "published": "2022-05-02T03:40:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2978"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52679"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN31035930/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36423"
    },
    {
      "type": "WEB",
      "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36118"
    },
    {
      "type": "WEB",
      "url": "http://www.sugarcrm.com/forums/showthread.php?t=50907"
    },
    {
      "type": "WEB",
      "url": "http://www.sugarcrm.com/forums/showthread.php?t=50953"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

JVNDB-2009-000056

Vulnerability from jvndb - Published: 2009-08-24 16:25 - Updated:2009-08-24 16:25

Severity ?

() - -

Summary

SugarCRM vulnerable to SQL injection

Details

SugarCRM contains a SQL injection vulnerability. SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN31035930/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2978
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2978
	IPA SECURITY ALERTS	http://www.ipa.go.jp/security/english/vuln/200908_sugarcrm_en.html
	SECUNIA	http://secunia.com/advisories/36423
	BID	http://www.securityfocus.com/bid/36118
	XF	http://xforce.iss.net/xforce/xfdb/52679
	SQL Injection(CWE-89)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

SugarCRM

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html",
  "dc:date": "2009-08-24T16:25+09:00",
  "dcterms:issued": "2009-08-24T16:25+09:00",
  "dcterms:modified": "2009-08-24T16:25+09:00",
  "description": "SugarCRM contains a SQL injection vulnerability.\r\n\r\nSugarCRM is a customer relationship management (CRM) software. SugarCRM contains a SQL injection vulnerability. \r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html",
  "sec:cpe": {
    "#text": "cpe:/a:sugarcrm:sugarcrm",
    "@product": "SugarCRM",
    "@vendor": "SugarCRM",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.5",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000056",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN31035930/index.html",
      "@id": "JVN#31035930",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2978",
      "@id": "CVE-2009-2978",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2978",
      "@id": "CVE-2009-2978",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/english/vuln/200908_sugarcrm_en.html",
      "@id": "Security Alert for Vulnerability in SugarCRM",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "http://secunia.com/advisories/36423",
      "@id": "SA36423",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/36118",
      "@id": "36118",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/52679",
      "@id": "52679",
      "@source": "XF"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    }
  ],
  "title": "SugarCRM vulnerable to SQL injection"
}

GSD-2009-2978

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Aliases

CVE-2009-2978

Aliases

CVE-2009-2978

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2978",
    "description": "SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
    "id": "GSD-2009-2978"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2978"
      ],
      "details": "SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
      "id": "GSD-2009-2978",
      "modified": "2023-12-13T01:19:46.020074Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-2978",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "sugarcrm-unspecified-sql-injection(52679)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52679"
          },
          {
            "name": "JVNDB-2009-000056",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html"
          },
          {
            "name": "http://www.sugarcrm.com/forums/showthread.php?t=50907",
            "refsource": "CONFIRM",
            "url": "http://www.sugarcrm.com/forums/showthread.php?t=50907"
          },
          {
            "name": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html",
            "refsource": "MISC",
            "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html"
          },
          {
            "name": "http://www.sugarcrm.com/forums/showthread.php?t=50953",
            "refsource": "CONFIRM",
            "url": "http://www.sugarcrm.com/forums/showthread.php?t=50953"
          },
          {
            "name": "36423",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36423"
          },
          {
            "name": "JVN#31035930",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN31035930/index.html"
          },
          {
            "name": "36118",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36118"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5.1o",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:sugar_community_edition:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.0k",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:5.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:5.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:4.5.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:4.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:5.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:5.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.5d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:5.0.0h:*:sugar_community_edition:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:5.0.0:*:sugar_community_edition:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.0g",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:1.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:2.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:2.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:sugar_community_edition:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2978"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html"
            },
            {
              "name": "JVNDB-2009-000056",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html"
            },
            {
              "name": "JVN#31035930",
              "refsource": "JVN",
              "tags": [
                "Patch"
              ],
              "url": "http://jvn.jp/en/jp/JVN31035930/index.html"
            },
            {
              "name": "36423",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36423"
            },
            {
              "name": "http://www.sugarcrm.com/forums/showthread.php?t=50953",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.sugarcrm.com/forums/showthread.php?t=50953"
            },
            {
              "name": "http://www.sugarcrm.com/forums/showthread.php?t=50907",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.sugarcrm.com/forums/showthread.php?t=50907"
            },
            {
              "name": "36118",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36118"
            },
            {
              "name": "sugarcrm-unspecified-sql-injection(52679)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52679"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:30Z",
      "publishedDate": "2009-08-27T18:30Z"
    }
  }
}

FKIE_CVE-2009-2978

Vulnerability from fkie_nvd - Published: 2009-08-27 18:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://jvn.jp/en/jp/JVN31035930/index.html	Patch
cve@mitre.org	http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html
cve@mitre.org	http://secunia.com/advisories/36423	Vendor Advisory
cve@mitre.org	http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html
cve@mitre.org	http://www.securityfocus.com/bid/36118
cve@mitre.org	http://www.sugarcrm.com/forums/showthread.php?t=50907	Patch
cve@mitre.org	http://www.sugarcrm.com/forums/showthread.php?t=50953	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/52679
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN31035930/index.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36423	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36118
af854a3a-2127-422b-91ae-364da2661108	http://www.sugarcrm.com/forums/showthread.php?t=50907	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.sugarcrm.com/forums/showthread.php?t=50953	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/52679

Impacted products

Vendor	Product	Version
sugarcrm	sugarcrm	*
sugarcrm	sugarcrm	*
sugarcrm	sugarcrm	*
sugarcrm	sugarcrm	1.0
sugarcrm	sugarcrm	1.0f
sugarcrm	sugarcrm	1.0g
sugarcrm	sugarcrm	1.1
sugarcrm	sugarcrm	1.1a
sugarcrm	sugarcrm	1.1b
sugarcrm	sugarcrm	1.1c
sugarcrm	sugarcrm	1.1d
sugarcrm	sugarcrm	1.1e
sugarcrm	sugarcrm	1.1f
sugarcrm	sugarcrm	1.5d
sugarcrm	sugarcrm	2.0.1
sugarcrm	sugarcrm	2.0.1a
sugarcrm	sugarcrm	2.0.1c
sugarcrm	sugarcrm	3.0.1
sugarcrm	sugarcrm	3.5
sugarcrm	sugarcrm	3.5.1
sugarcrm	sugarcrm	4.0
sugarcrm	sugarcrm	4.0.1
sugarcrm	sugarcrm	4.1
sugarcrm	sugarcrm	4.2
sugarcrm	sugarcrm	4.2.1
sugarcrm	sugarcrm	4.5.0
sugarcrm	sugarcrm	4.5.0f
sugarcrm	sugarcrm	4.5.1
sugarcrm	sugarcrm	5.0.0
sugarcrm	sugarcrm	5.0.0h
sugarcrm	sugarcrm	5.2a
sugarcrm	sugarcrm	5.2c
sugarcrm	sugarcrm	5.2d
sugarcrm	sugarcrm	5.2e
sugarcrm	sugarcrm	5.2e
sugarcrm	sugarcrm	5.2f

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E53F4C99-9892-4E15-AC43-7C350F84B5D4",
              "versionEndIncluding": "4.5.1o",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:sugar_community_edition:*:*:*:*:*",
              "matchCriteriaId": "5C668E68-AA42-4D18-9C9D-45D1C73F5C81",
              "versionEndIncluding": "5.0.0k",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A97B4C9-4510-4970-AD03-1106294A4FBF",
              "versionEndIncluding": "5.2.0g",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4107E934-D5CF-4ABF-8CB6-0DA90F3D9A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.0f:*:*:*:*:*:*:*",
              "matchCriteriaId": "85742E7F-C06C-46A5-9008-245BE6E4E0BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.0g:*:*:*:*:*:*:*",
              "matchCriteriaId": "B820A83B-0F03-4523-9D4D-3EB2930B35F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FA30E3-7572-4BCC-8EFA-9D259DF892E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBB2BDD-5FA2-40E1-9395-A9DED672E3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7E5E-BCBC-4E14-9C0D-50E5DD237D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E73109-5473-417C-A003-7C1EE1DC3ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.1d:*:*:*:*:*:*:*",
              "matchCriteriaId": "F183CCFF-6D5B-43E7-A70F-E9AEA6E46880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA73438-7BA5-4668-90E2-2EECDBBB58A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.1f:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C3E6DF-AE5C-4D7F-99B3-16C3967A6A60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:1.5d:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF53885-8C5B-4654-AB42-587290E58355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A197BD9-85DD-47F2-B30B-6C7F372F6DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:2.0.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "42F2BB29-5136-4F23-8D1B-0507A5FCBF13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:2.0.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "603F5E29-5D0B-4872-A125-D7B1CD77BACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "687D4794-4163-4EC8-9673-47E5EF216371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DAF9EB-FED5-482D-820E-553E9057B92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6842129-2DF6-47C9-8960-BF39D1A337C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF5360C-C07C-413A-9B8C-50907187DAC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DED8B842-AAEB-4227-A2D3-64229F4B9FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4525F5B5-E268-4B50-8244-E8829C106FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28098D0F-B3E2-470E-92B1-C9138A664496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F7EFEF-004A-458A-9B3C-3B1B654C6C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB97DBC-4525-4227-9698-4B05140CCAB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:4.5.0f:*:*:*:*:*:*:*",
              "matchCriteriaId": "58854312-8672-4399-83FB-DF12DF6052F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:4.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A8BAEB-B6E3-48AF-90E8-28D7146115AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.0.0:*:sugar_community_edition:*:*:*:*:*",
              "matchCriteriaId": "6FEB4B61-0F95-45CA-AB7A-BA07FF2FCA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.0.0h:*:sugar_community_edition:*:*:*:*:*",
              "matchCriteriaId": "B23F68DA-DFB0-42E1-959A-F7A68AA83BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "439E75C4-C02D-4905-9D73-CE27D6A54C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2c:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF95EA0-16E7-4173-AEC8-D66A3F8FB62B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2d:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA524F8-A78F-414A-A5AC-1A89901BD917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFCC9802-4642-4331-9D56-4E1F76151E24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:sugar_community_edition:*:*:*:*:*",
              "matchCriteriaId": "0B6D79D5-2E61-4C1F-906B-EB16F0D97586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2f:*:*:*:*:*:*:*",
              "matchCriteriaId": "7922DB4E-9812-4636-A61D-8D201CE92D93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en SugarCRM v4.5.1o y anteriores, v5.0.0k y anteriores, y v5.2.0g y anteriores, permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2009-2978",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-27T18:30:00.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://jvn.jp/en/jp/JVN31035930/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36118"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.sugarcrm.com/forums/showthread.php?t=50907"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.sugarcrm.com/forums/showthread.php?t=50953"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://jvn.jp/en/jp/JVN31035930/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.sugarcrm.com/forums/showthread.php?t=50907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.sugarcrm.com/forums/showthread.php?t=50953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52679"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-2978 (GCVE-0-2009-2978)

GHSA-9WV5-PPRM-9XW9

JVNDB-2009-000056

GSD-2009-2978

FKIE_CVE-2009-2978

Tags

Sightings

Nomenclature