返回 CVE 瀏覽器

CVE-2004-1227

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1290%

EPSS Percentile6.61th

Published2005年1月10日

Last Modified2026年4月16日

Vulnerability Description

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.

Affected Platforms (CPE)

📦

Sugarcrm

Sugar Sales

<= 2.0.1c

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=110295433323795&w=2

🔗 http://www.gulftech.org/?node=research&article_id=00053-120104

🔗 http://www.securityfocus.com/bid/11740

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18326

🔗 http://marc.info/?l=bugtraq&m=110295433323795&w=2

🔗 http://www.gulftech.org/?node=research&article_id=00053-120104

🔗 http://www.securityfocus.com/bid/11740

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18326

相關漏洞威脅

CVE-2004-122510.0

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and ga...

CVE-2004-12286.4

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtai...

CVE-2004-12265.0

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...