Published: 10/01/2005 Updated: 11/07/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SQL injection vulnerability in SugarCRM Sugar Sales prior to 2.0.1a allows remote malicious users to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sugarcrm sugarcrm 1.0g
sugarcrm sugarcrm 1.1
sugarcrm sugarcrm 1.5d
sugarcrm sugarcrm 2.0.1
sugarcrm sugarcrm 1.0
sugarcrm sugarcrm 1.0f
sugarcrm sugarcrm 1.1e
sugarcrm sugarcrm 1.1f
sugarcrm sugarcrm 1.1c
sugarcrm sugarcrm 1.1d
sugarcrm sugarcrm 1.1a
sugarcrm sugarcrm 1.1b
sugarcrm sugarcrm 2.0.1a

source: wwwsecurityfocuscom/bid/11740/info SugarCRM is reported prone to multiple vulnerabilites arising from insufficient sanitization of user-supplied input These issues can a remote attacker to carry out cross-site scripting, HTML injection, SQL injection and directory traversal attacks indexphp?action=DetailView&module=Account ...

NVD-CWE-Other http://www.securityfocus.com/bid/11740 http://www.gulftech.org/?node=research&article_id=00053-120104 http://marc.info/?l=bugtraq&m=110295433323795&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18325 https://nvd.nist.gov https://www.exploit-db.com/exploits/24768/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-1225

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect