← back
CVE-2004-1227

CVE-2004-1227

EPSS 4.2%
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/24769unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=110295433323795&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/18326http://www.gulftech.org/?node=research&article_id=00053-120104http://www.securityfocus.com/bid/11740