CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1228

MEDIUM
6.4
CVSS Severity Score
EPSS Score0.0980%
EPSS Percentile31.87th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.

Affected Platforms (CPE)

πŸ“¦
Sugarcrm

Sugar Sales

<= 2.0.1c

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=110295433323795&w=2
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18449
πŸ”— http://marc.info/?l=bugtraq&m=110295433323795&w=2
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18449

Related Vulnerabilities

CVE-2004-122510.0

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and ga...

CVE-2004-122710.0

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and p...

CVE-2004-12265.0

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...