Lucene search

[email protected]CVE-2004-1226

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1226

2005-01-1005:00:00

[email protected]

web.nvd.nist.gov

cve

sugarcrm

sugar sales

path disclosure

vulnerability

security

nvd

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.5%

JSON

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.

Affected configurations

NVD

Node

sugarcrmsugarcrmRange≤2.0.1c

CPENameOperatorVersion
sugarcrm:sugarcrmsugarcrmle2.0.1c

CPE	Name	Operator	Version
sugarcrm:sugarcrm	sugarcrm	le	2.0.1c

References

marc.info/?l=bugtraq&m=110295433323795&w=2

exchange.xforce.ibmcloud.com/vulnerabilities/18447

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.5%

JSON

Related for CVE-2004-1226

cvelist1 nvd1