Vulnerabilities > CVE-2004-1228 - Denial-Of-Service vulnerability in Sugar Sales
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
PARTIAL Summary
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |