CVE-2004-1228 : The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed a

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.

Published 2005-01-10 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2004-1228

Sugarcrm » Sugar Sales
Versions up to, including, (<=) 2.0.1c
cpe:2.3:a:sugarcrm:sugar_sales:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-1228

EPSS FAQ

0.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 58 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-1228

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial

References for CVE-2004-1228

http://marc.info/?l=bugtraq&m=110295433323795&w=2

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/18449

Sugar Sales plaintext MySQL password CVE-2004-1228 Vulnerability Report

Jump to

Vulnerability Details : CVE-2004-1228

Products affected by CVE-2004-1228

Exploit prediction scoring system (EPSS) score for CVE-2004-1228

CVSS scores for CVE-2004-1228

References for CVE-2004-1228