Описание
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.1c (включая)
cpe:2.3:a:sugarcrm:sugar_sales:*:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00406
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 20 лет назад
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...
github
больше 3 лет назад
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.
EPSS
Процентиль: 60%
0.00406
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other