CVE-2004-1226

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.

Published: Jan 10, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-1226
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sugarcrm / sugarcrm	-	2.0.1c.x

http://marc.info/?l=bugtraq&m=110295433323795&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18447

Vulnerability Database

CVE-2004-1226