Description

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.

Remediation

References

CVE-2004-1225

Related Vulnerabilities

Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9518)

WordPress Plugin Pressbooks Textbook Cross-Site Scripting (1.2.5)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2718)

WordPress 3.0.3 KSES Library Cross-Site Scripting Vulnerability (0.6.2 - 3.0.3)

WordPress Plugin MapSVG Lite Cross-Site Request Forgery (4.2.4)

Severity

Critical

Classification

CVE-2004-1225

Tags

Missing Update Known Vulnerabilities