Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2008-2045
Last Modified 07 Mar 2011 10:08:37
Published 01 May 2008 03:05:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2045

Summary

Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory.

Vulnerable Systems

Application

  • SugarCRM 4.5.1

  • SugarCRM 5.0.0


References

CONFIRM - http://www.sugarcrm.com/forums/showthread.php?t=32252

CONFIRM - http://www.sugarcrm.com/forums/showthread.php?t=31688

BID - 28981

SECUNIA - 30002

XF - sugar-feed-information-disclosure(42087)

VUPEN - ADV-2008-1388

CONFIRM - http://www.sugarcrm.com/docs/Release_Notes/CommunityEdition_ReleaseNotes_5.0d/Sugar_Release_Notes_5.0d.2.6.html

BUGTRAQ - 20080429 SugarCRM Community Edition Local File Disclosure Vulnerability

MISC - http://www.security-assessment.com/files/advisories/2008-04-29_SugarCRM_local_file_disclosure.pdf

MILW0RM - 5521

SREASON - 3844


Last Updated: 27 May 2016 10:47:44