Vulnerability Description
SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sugarcrm | Sugarcrm | 1.0 |
References
- http://marc.info/?l=bugtraq&m=110295433323795&w=2
- http://www.gulftech.org/?node=research&article_id=00053-120104
- http://www.securityfocus.com/bid/11740ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18325
- http://marc.info/?l=bugtraq&m=110295433323795&w=2
- http://www.gulftech.org/?node=research&article_id=00053-120104
- http://www.securityfocus.com/bid/11740ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18325
FAQ
What is CVE-2004-1225?
CVE-2004-1225 is a vulnerability with a CVSS score of 10.0 (HIGH). SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index...
How severe is CVE-2004-1225?
CVE-2004-1225 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1225?
Check the references section above for vendor advisories and patch information. Affected products include: Sugarcrm Sugarcrm.