CVE-2006-2460

SugarCRM 4.2 - Remote File Inclusion and Directory Traversal via GLOBALS Override

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2460. PoCs published by rgod.

AI-analyzed exploit summary This exploit leverages arbitrary remote file inclusion in SugarCRM Suite Open Source <= 4.2 due to improper handling of user-supplied input in the `OptimisticLock` module. It allows remote command execution by including a malicious PHP script hosted on an attacker-controlled server.

Description

Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1785

View Code ZIP pw:eip

This exploit leverages arbitrary remote file inclusion in SugarCRM Suite Open Source <= 4.2 due to improper handling of user-supplied input in the `OptimisticLock` module. It allows remote command execution by including a malicious PHP script hosted on an attacker-controlled server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SugarCRM Suite Open Source <= 4.2

No auth needed

Prerequisites: register_globals = On · allow_url_fopen = On (for remote inclusion)

MITRE ATT&CK