Vulnerability Details CVE-2005-4086
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.106
EPSS Ranking 92.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://rgod.altervista.org/sugar_suite_40beta.html
- http://secunia.com/advisories/17948
- http://securitytracker.com/id?1015322
- http://www.securityfocus.com/archive/1/418840
- http://www.securityfocus.com/bid/15760
- http://www.vupen.com/english/advisories/2005/2800
- http://rgod.altervista.org/sugar_suite_40beta.html
- http://secunia.com/advisories/17948
- http://securitytracker.com/id?1015322
- http://www.securityfocus.com/archive/1/418840
- http://www.securityfocus.com/bid/15760
- http://www.vupen.com/english/advisories/2005/2800
Products affected by CVE-2005-4086
-
cpe:2.3:a:sugarcrm:sugar_suite:3.5
-
cpe:2.3:a:sugarcrm:sugar_suite:4.0_beta