The install scripts in SugarCRM Sugar Sales 2.0.1c and previous versions are not removed after installation, which allows malicious users to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sugarcrm sugar sales |