Vulnerabilities > Sugarcrm
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-08 | CVE-2005-4087 | Remote and Local File Include vulnerability in Sugarcrm Sugar Suite 3.5/4.0Beta PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter. | 7.5 |
2005-12-08 | CVE-2005-4086 | Remote and Local File Include vulnerability in Sugarcrm Sugar Suite 3.5/4.0Beta Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter. | 5.0 |
2005-01-10 | CVE-2004-1228 | Denial-Of-Service vulnerability in Sugar Sales The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default. | 6.4 |
2005-01-10 | CVE-2004-1227 | Input Validation vulnerability in SugarCRM Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. | 10.0 |
2005-01-10 | CVE-2004-1226 | Information Disclosure vulnerability in SugarCRM SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter. | 5.0 |
2005-01-10 | CVE-2004-1225 | Input Validation vulnerability in SugarCRM SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality. | 10.0 |
2005-01-01 | CVE-2005-0266 | Cross-Site Scripting vulnerability in SugarCRM Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter. network sugarcrm | 4.3 |