CVE-2004-1227

Sažetak

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.

Reference

http://marc.info/?l=bugtraq&m=110295433323795&w=2
http://www.gulftech.org/?node=research&article_id=00053-120104
http://www.securityfocus.com/bid/11740
https://exchange.xforce.ibmcloud.com/vulnerabilities/18326

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

10-01-2005 - 05:00