CVE-2004-1225

Properties

Published: 09.01.2005
Updated: 20.10.2005
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N) Approximated
Product: SugarCRM: SugarCRM

Vulnerability description

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.

References:

Security Focus: http://www.securityfocus.com/bid/11740
ISS X-Force: http://xforce.iss.net/xforce/xfdb/18325
Bugtraq: http://marc.theaimsgroup.com/?l=bugtraq&m=110295433323795&w=2
MISC: http://www.gulftech.org/?node=research&article_id=00053-120104