CVE-2005-4087

SugarCRM <4.0 - RCE

Description

PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/1359

exploitdb · WORKING POC
c · webapps · php
https://www.exploit-db.com/exploits/1364

Scores

EPSS 0.0360
EPSS Percentile 87.8%

Details

Status published
Products (2)
sugarcrm/sugar_suite 3.5
sugarcrm/sugar_suite 4.0_beta
Published Dec 08, 2005
Tracked Since Feb 18, 2026