CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1225

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile40.02th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.

Affected Platforms (CPE)

πŸ“¦
Sugarcrm

Sugarcrm

= 1.0
πŸ“¦
Sugarcrm

Sugarcrm

= 1.0f
πŸ“¦
Sugarcrm

Sugarcrm

= 1.0g
πŸ“¦
Sugarcrm

Sugarcrm

= 1.1
πŸ“¦
Sugarcrm

Sugarcrm

= 1.1a
πŸ“¦
Sugarcrm

Sugarcrm

= 1.1b
πŸ“¦
Sugarcrm

Sugarcrm

= 1.1c
πŸ“¦
Sugarcrm

Sugarcrm

= 1.1d
πŸ“¦
Sugarcrm

Sugarcrm

= 1.1e
πŸ“¦
Sugarcrm

Sugarcrm

= 1.1f
πŸ“¦
Sugarcrm

Sugarcrm

= 1.5d
πŸ“¦
Sugarcrm

Sugarcrm

= 2.0.1
πŸ“¦
Sugarcrm

Sugarcrm

= 2.0.1a

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=110295433323795&w=2
πŸ”— http://www.gulftech.org/?node=research&article_id=00053-120104
πŸ”— http://www.securityfocus.com/bid/11740
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18325
πŸ”— http://marc.info/?l=bugtraq&m=110295433323795&w=2
πŸ”— http://www.gulftech.org/?node=research&article_id=00053-120104
πŸ”— http://www.securityfocus.com/bid/11740
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18325

Related Vulnerabilities

CVE-2004-122710.0

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and p...

CVE-2012-06949.8

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute...

CVE-2020-74729.8

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before ...

CVE-2014-32449.8

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitr...