Description

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.

Remediation

References

CVE-2004-1226

Related Vulnerabilities

WordPress Plugin Image Rotator Cross-Site Scripting (1.0)

WordPress Plugin Fileviewer Cross-Site Request Forgery (2.2)

TYPO3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-30451)

WordPress Plugin Visual Composer:Page Builder for WordPress Multiple Cross-Site Scripting Vulnerabilities (4.7.3)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-3395)

Severity

Medium

Classification

CVE-2004-1226

Tags

Missing Update Known Vulnerabilities