cbcvebase.
CVE-2004-1228
published 2005-01-10

CVE-2004-1228: The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative…

PriorityP418medium6.4CVSS 2.0
AVNACLAuNCPINAP
EPSS
1.16%
63.3th percentile
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.

Affected

1 ranges
VendorProductVersion rangeFixed in
sugarcrmsugar_sales<= 2.0.1c
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.