CVE-2009-2146
SugarCRM < 5.2f - Authenticated Remote Code Execution via Compose Email File Upload
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-2146. PoCs published by USH.
AI-analyzed exploit summary
This advisory details a remote code execution vulnerability in SugarCRM 5.2.0e, where a flawed file extension validation routine allows attackers to upload malicious PHP files by exploiting a logic error in the `safeAttachmentName` function. The writeup provides a step-by-step explanation of the vulnerability, its exploitation, and mitigation.
Description
Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name.
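As an added illustration (not SugarCRM's code and not a reconstruction of its `safeAttachmentName` routine), the check below shows how an attachment-name validator can reject the extension-only names the description refers to, alongside the other classic upload-name pitfalls; the extension allowlist is a constructed example.

```python
import re
from typing import Optional

# Constructed allowlist for illustration; a real deployment tunes this.
ALLOWED_EXTENSIONS = {"pdf", "txt", "csv", "png", "jpg", "jpeg", "gif"}

# Extensions that common PHP hosting executes server-side. They are blocked
# anywhere in the name, not just at the end, because some server configs
# execute "x.php.txt" as PHP.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def safe_attachment_name(original: str) -> Optional[str]:
    """Return a sanitized filename, or None if the upload must be rejected.

    Hypothetical hardened validator. The key point for CVE-2009-2146: a
    name that is only an extension (".php") has an empty stem, and that
    condition is tested before any extension logic runs.
    """
    # Drop any directory component the client sent (both separator styles).
    name = original.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if not name:
        return None
    stem, dot, ext = name.rpartition(".")
    # rpartition(".php") -> ("", ".", "php"): empty stem means reject.
    if not dot or not stem or not ext:
        return None
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    # Double-extension check: reject executable extensions anywhere in the name.
    parts = [p.lower() for p in name.split(".")]
    if any(p in EXECUTABLE_EXTENSIONS for p in parts):
        return None
    # Restrict the stem to a conservative character set.
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", stem)
    # The caller should still store the file outside the web root (or under a
    # server-generated name) so the sanitized name never becomes a URL path.
    return f"{stem}.{ext}"
```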
Exploits (1)