Vulnerabilities > CVE-2004-1225 - Input Validation vulnerability in SugarCRM
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
Exploit-Db
description | SugarCRM 1.x/2.0 Module record Parameter SQL Injection. CVE-2004-1225. Webapps exploit for php platform |
id | EDB-ID:24768 |
last seen | 2016-02-02 |
modified | 2004-11-23 |
published | 2004-11-23 |
reporter | James Bercegay |
source | https://www.exploit-db.com/download/24768/ |
title | SugarCRM 1.x/2.0 Module record Parameter SQL Injection |