CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1226

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile1.35th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.

Affected Platforms (CPE)

πŸ“¦
Sugarcrm

Sugarcrm

<= 2.0.1c

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=110295433323795&w=2
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18447
πŸ”— http://marc.info/?l=bugtraq&m=110295433323795&w=2
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18447

Related Vulnerabilities

CVE-2004-122510.0

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and ga...

CVE-2004-122710.0

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and p...

CVE-2020-74729.8

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before ...

CVE-2012-06949.8

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute...