CVE-2004-1225

Name of the Vulnerable Software and Affected Versions: SugarCRM Sugar Sales versions prior to 2.0.1a

Description: The issue allows remote attackers to execute arbitrary SQL commands and gain privileges. This is achieved via the record parameter in a DetailView action to "index.php", and record parameters in other functionality.

Recommendations: For versions prior to 2.0.1a, update to version 2.0.1a or later to resolve the issue. As a temporary workaround, consider restricting access to the DetailView action in index.php to minimize the risk of exploitation. Avoid using the record parameter in affected functionality until the issue is resolved.