sugarsales 1.x/2.0 – Multiple Vulnerabilities

19次阅读
没有评论

sugarsales 1.x/2.0 – Multiple Vulnerabilities

漏洞ID 1054793 漏洞类型
发布时间 2004-12-13 更新时间 2004-12-13
sugarsales 1.x/2.0 - Multiple VulnerabilitiesCVE编号 N/A
sugarsales 1.x/2.0 - Multiple VulnerabilitiesCNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/24823
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/11896/info

Multiple remote vulnerabilities are reported to exist in SugarSales.

The first reported issue is an SQL injection vulnerability. This vulnerability is due to a lack of proper input-validation by the application, prior to utilizing attacker-supplied data in and SQL query.

This vulnerability is reported to exist in versions prior to 2.0.1a.

The next issue is reportedly a directory traversal vulnerability. This vulnerability is also due to a lack of proper input-validation by the application.

The last reported issue is a remote denial of service and information disclosure vulnerability.

The directory traversal and installation script vulnerabilities reportedly exist in all current versions of SugarSales.

To log into SugarSales, utilize the username "admin' or 1=1 -- " with any password.

To disclose the contents of potentially sensitive files:
http://www.example.com/sugarcrm/modules/Users/Login.php?theme=/../../../etc/hosts%00
http://www.example.com/sugarcrm/modules/Calls/index.php?theme=/../../../etc/hosts%00

相关推荐: MiniHTTPServer WebForums Forum HTML Injection Vulnerability

MiniHTTPServer WebForums Forum HTML Injection Vulnerability 漏洞ID 1099459 漏洞类型 Input Validation Error 发布时间 2003-10-06 更新时间 2003-10-…

正文完
 0