Vulnerabilities > Sugarcrm

DATE	CVE	VULNERABILITY TITLE	RISK
2005-12-08	CVE-2005-4087	Remote and Local File Include vulnerability in Sugarcrm Sugar Suite 3.5/4.0Beta PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter. network low complexity sugarcrm	7.5
2005-12-08	CVE-2005-4086	Remote and Local File Include vulnerability in Sugarcrm Sugar Suite 3.5/4.0Beta Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter. network low complexity sugarcrm	5.0
2005-01-10	CVE-2004-1228	Denial-Of-Service vulnerability in Sugar Sales The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default. network low complexity sugarcrm	6.4
2005-01-10	CVE-2004-1227	Input Validation vulnerability in SugarCRM Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. network low complexity sugarcrm critical	10.0
2005-01-10	CVE-2004-1226	Information Disclosure vulnerability in SugarCRM SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter. network low complexity sugarcrm	5.0
2005-01-10	CVE-2004-1225	Input Validation vulnerability in SugarCRM SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality. network low complexity sugarcrm critical	10.0
2005-01-01	CVE-2005-0266	Cross-Site Scripting vulnerability in SugarCRM Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter. network sugarcrm	4.3

Vulnerabilities > Sugarcrm {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Sugarcrm"}]}

Vulnerabilities > Sugarcrm