CVEブラウザに戻る

CVE-2004-1228

MEDIUM

6.4

CVSS Severity Score

EPSS Score0.0980%

EPSS Percentile31.87th

Published2005年1月10日

Last Modified2026年4月16日

Vulnerability Description

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.

Affected Platforms (CPE)

📦

Sugarcrm

Sugar Sales

<= 2.0.1c

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=110295433323795&w=2

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18449

🔗 http://marc.info/?l=bugtraq&m=110295433323795&w=2

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18449

関連する脆弱性情報

CVE-2004-122510.0

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and ga...

CVE-2004-122710.0

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and p...

CVE-2004-12265.0

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...