CVE-2004-1227
First published: Wed Dec 15 2004(Updated: )
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SugarCRM | <=2.0.1c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1227?
CVE-2004-1227 is classified as a high severity vulnerability due to its potential for unauthorized access to sensitive files.
How do I fix CVE-2004-1227?
To fix CVE-2004-1227, upgrade to a later version of SugarCRM that is not affected by this vulnerability.
What versions are affected by CVE-2004-1227?
CVE-2004-1227 affects SugarCRM Sugar Sales 2.0.1c and earlier versions.
Can CVE-2004-1227 allow for remote code execution?
Yes, CVE-2004-1227 may allow attackers to read arbitrary files and execute PHP code remotely.
What types of input parameters are exploited in CVE-2004-1227?
CVE-2004-1227 can be exploited through the module, action, or theme parameters in index.php and Login.php.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sugarcrm
- canonical/sugarcrm
- version/sugarcrm/2.0.1c