Vulnerabilities > Sugarcrm > Sugarcrm

DATE CVE VULNERABILITY TITLE RISK
2005-01-10 CVE-2004-1225 Input Validation vulnerability in SugarCRM
SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.
network
low complexity
sugarcrm
critical
 10.0
10
2005-01-01 CVE-2005-0266 Cross-Site Scripting vulnerability in SugarCRM
Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.
network
sugarcrm
4.3
4.3