
CVE-2004-1227

Published: 10/01/2005 Updated: 11/07/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and previous versions allows remote malicious users to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.

Vulnerable Product

sugarcrm sugar sales

Exploits

source: www.securityfocus.com/bid/11740/info

SugarCRM is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can allow a remote attacker to carry out cross-site scripting, HTML injection, SQL injection and directory traversal attacks.

/index.php?module=Opportunities&action= ...

Multiple cross site scripting, authentication bypass, SQL injection, file inclusion, and password hash disclosure flaws exist in vTiger versions 42 and below. Various details disclosed ...