Unrated severityNVD Advisory· Published Jan 10, 2005· Updated Apr 16, 2026

CVE-2004-1227

Description

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.

Affected products

Sugarcrm/Sugar Sales
cpe:2.3:a:sugarcrm:sugar_sales:*:*:*:*:*:*:*:*
Range: <=2.0.1c

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/11740nvdExploitVendor Advisory
marc.infonvd
www.gulftech.orgnvd
exchange.xforce.ibmcloud.com/vulnerabilities/18326nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000