Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-4086
Last Modified: 07 Mar 2011 09:27:40
Published: 08 Dec 2005 06:03:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-4086

Summary

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.

Vulnerable Systems

Application

  • Sugarcrm Sugar Suite 3.5

  • Sugarcrm Sugar Suite 4.0 Beta


References

VUPEN - ADV-2005-2800

BID - 15760

BUGTRAQ - 20051207 SugarSuite Open Source <= 4.0beta Remote code execution

SECTRACK - 1015322

SECUNIA - 17948

MISC - http://rgod.altervista.org/sugar_suite_40beta.html


Last Updated: 27 May 2016 10:41:11