CVE-2005-4086

Sugarcrm Sugar Suite - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by pointslash · cwebappsphp

https://www.exploit-db.com/exploits/1364

View Code ZIP pw:eip

exploitdb WORKING POC

phpwebappsphp

https://www.exploit-db.com/exploits/1359

View Code ZIP pw:eip

References (6)

[Various Sources] http://rgod.altervista.org/sugar_suite_40beta.html

[Exploit] http://www.securityfocus.com/archive/1/418840

[Exploit] http://www.securityfocus.com/bid/15760

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015322

[Third Party Advisory] http://secunia.com/advisories/17948

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2800

Scores

EPSS 0.1256

EPSS Percentile 94.0%

Details

Status published

Products (2)

sugarcrm/sugar_suite 3.5

sugarcrm/sugar_suite 4.0_beta

Published Dec 08, 2005

Tracked Since Feb 18, 2026