Description

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.

Remediation

References

CVE-2004-1226

Related Vulnerabilities

Jetty Improper Resource Shutdown or Release Vulnerability (CVE-2022-2191)

MySQL CVE-2023-22066 Vulnerability (CVE-2023-22066)

WordPress 4.6.x PHP Object Injection (4.6 - 4.6.20)

WordPress Plugin File Manager Directory Traversal (7.2.5)

Jenkins Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-21607)

Severity

Medium

Classification

CVE-2004-1226

Tags

Missing Update Known Vulnerabilities