PT-2004-2176 · Sugarcrm · Sugarcrm Sugar Sales

Damon Wood +2 · Published 2004-12-15 · Updated 2017-07-11 · CVE-2004-1228

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions: SugarCRM Sugar Sales versions 2.0.1c and earlier
Description: The issue arises from the install scripts not being removed after installation, allowing attackers to obtain the MySQL administrative password in cleartext or cause a denial of service by altering database settings to their default values.
Recommendations: For SugarCRM Sugar Sales versions 2.0.1c and earlier, remove the install scripts after installation to prevent potential attacks.

Fix


Related Identifiers

CVE-2004-1228

Affected Products

Sugarcrm Sugar Sales