CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1227

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile6.61th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.

Affected Platforms (CPE)

πŸ“¦
Sugarcrm

Sugar Sales

<= 2.0.1c

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=110295433323795&w=2
πŸ”— http://www.gulftech.org/?node=research&article_id=00053-120104
πŸ”— http://www.securityfocus.com/bid/11740
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18326
πŸ”— http://marc.info/?l=bugtraq&m=110295433323795&w=2
πŸ”— http://www.gulftech.org/?node=research&article_id=00053-120104
πŸ”— http://www.securityfocus.com/bid/11740
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18326

Related Vulnerabilities

CVE-2004-122510.0

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and ga...

CVE-2004-12286.4

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtai...

CVE-2004-12265.0

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...