Security Advisory

CVE-2004-1227

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2004-12-15 05:00:00

Last updated 2024-08-08 00:46:12

Assigner mitre

State PUBLISHED

Description

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.

← Browse all CVEs View on cve.org ↗