CVE-2004-1227
SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-11-23 First Exploit
- 2004-12-14 CVE Reserved
- 2004-12-15 CVE Published
- 2024-08-08 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110295433323795&w=2 | Mailing List | |
| http://www.gulftech.org/?node=research&article_id=00053-120104 | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18326 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/24769 | 2004-11-23 | |
| http://www.securityfocus.com/bid/11740 | 2024-08-08 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sugarcrm Search vendor "Sugarcrm" | Sugar Sales Search vendor "Sugarcrm" for product "Sugar Sales" | <= 2.0.1c Search vendor "Sugarcrm" for product "Sugar Sales" and version " <= 2.0.1c" | - |
Affected
| ||||||