CVE-2004-1228

Published: Jan 10, 2005Modified: Apr 16, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.

Affected (1)

Products: Sugarcrm: Sugar Sales

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sugarcrm Sugar Sales	Up to 2.0.1c

References (4)

http://marc.info/?l=bugtraq&m=110295433323795&w=2

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/18449

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110295433323795&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/18449

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.