CVE-2004-1228
First published: Wed Dec 15 2004(Updated: )
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SugarCRM | <=2.0.1c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1228?
CVE-2004-1228 is considered a high severity vulnerability due to its potential for exposing sensitive data and causing denial of service.
How do I fix CVE-2004-1228?
To fix CVE-2004-1228, it is essential to remove the installation scripts from the server after completing the installation of SugarCRM Sugar Sales.
What software versions are affected by CVE-2004-1228?
CVE-2004-1228 affects SugarCRM Sugar Sales version 2.0.1c and earlier.
What are the risks associated with CVE-2004-1228?
The risks associated with CVE-2004-1228 include unauthorized access to the MySQL administrative password and potential denial of service attacks.
Can CVE-2004-1228 be exploited remotely?
Yes, CVE-2004-1228 can be exploited remotely if the installation scripts are left on the server.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sugarcrm
- canonical/sugarcrm
- version/sugarcrm/2.0.1c