3 matches found
CVE-2004-1226
SugarCRM Sugar Sales 2.0.1c and earlier are affected by a vulnerability where remote attackers can cause an error message to reveal internal path information via requests to scripts with invalid input, demonstrated with phprint.php and an empty module parameter. The reliable sources describe the ...
CVE-2004-1228
The CVE-2004-1228 entry concerns SugarCRM Sugar Sales 2.0.1c and earlier, where install scripts are not removed after installation. This leaves the MySQL administrative password exposed in cleartext via an installation form and can also enable denial of service by resetting database settings to d...
CVE-2004-1227
CVE-2004-1227 affects SugarCRM Sugar Sales 2.0.1c and earlier. The vulnerability is a directory traversal flaw allowing remote attackers to read arbitrary files and potentially execute PHP code via dot-dot sequences in several parameters to index.php and Login.php (and possibly other scripts). Ro...