pointslash

2 exploits Active since Dec 2005
CVE-2005-4087 EXPLOITDB c WORKING POC
Sugar Suite < 4.0 beta - Remote Code Execution via acceptDecline.php beanFiles Parameter
PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter.
CVE-2005-4086 EXPLOITDB c WORKING POC
Sugar Suite < 4.0 beta - Directory Traversal via acceptDecline.php beanFiles Parameter
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.