CVEブラウザに戻る

CVE-2004-1226

MEDIUM

5.0

CVSS Severity Score

EPSS Score0.0290%

EPSS Percentile1.35th

Published2005年1月10日

Last Modified2026年4月16日

Vulnerability Description

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.

Affected Platforms (CPE)

📦

Sugarcrm

Sugarcrm

<= 2.0.1c

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=110295433323795&w=2

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18447

🔗 http://marc.info/?l=bugtraq&m=110295433323795&w=2

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18447

関連する脆弱性情報

CVE-2004-122510.0

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and ga...

CVE-2004-122710.0

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and p...

CVE-2020-74729.8

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before ...

CVE-2012-06949.8

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute...