Vulnerabilities > CVE-2004-1227 - Input Validation vulnerability in SugarCRM

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

sugarcrm

critical

exploit available

NVD

Published: 2005-01-10

Updated: 2017-07-11

Summary

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.

Vulnerable Configurations

Part	Description	Count
Application	Sugarcrm Sugarcrm Sugar Sales *	1

Exploit-Db

description	SugarCRM 1.x/2.0 Module Traversal Arbitrary File Access. CVE-2004-1227 . Webapps exploit for php platform
id	EDB-ID:24769
last seen	2016-02-02
modified	2004-11-23
published	2004-11-23
reporter	James Bercegay
source	https://www.exploit-db.com/download/24769/
title	SugarCRM 1.x/2.0 Module Traversal Arbitrary File Access

Packetstorm

data source	https://packetstormsecurity.com/files/download/41939/advisory_232005.105.txt
id	PACKETSTORM:41939
last seen	2016-12-05
published	2005-11-30
reporter	Stefan Esser
source	https://packetstormsecurity.com/files/41939/Hardened-PHP-Project-Security-Advisory-2005-23.105.html
title	Hardened-PHP Project Security Advisory 2005-23.105

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References