CVE-2004-1226
First published: Wed Dec 15 2004(Updated: )
SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SugarCRM | <=2.0.1c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1226?
The severity of CVE-2004-1226 is considered to be low as it primarily allows information disclosure without direct exploitation capabilities.
How do I fix CVE-2004-1226?
To fix CVE-2004-1226, upgrade to SugarCRM Sugar Sales version 2.0.1d or later where the vulnerability has been addressed.
What are the potential impacts of CVE-2004-1226?
The potential impacts of CVE-2004-1226 include exposure of sensitive information through error messages displayed to remote attackers.
Who is affected by CVE-2004-1226?
CVE-2004-1226 affects any deployment of SugarCRM Sugar Sales version 2.0.1c and earlier.
What type of vulnerability is CVE-2004-1226?
CVE-2004-1226 is classified as an information disclosure vulnerability.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sugarcrm
- canonical/sugarcrm
- version/sugarcrm/2.0.1c