EIP-2026-112470

PRE-CVE

Sugar CRM 5.5.0.rc2/5.2.0j - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112470. PoCs published by waraxe.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in SugarCRM, including SQL injection, unauthorized access, file inclusion, and remote code execution. It provides specific URI examples to exploit these issues, targeting various modules in SugarCRM versions 5.2.0j and 5.5.0.RC2.

Description

Sugar CRM 5.5.0.rc2/5.2.0j - Multiple Vulnerabilities

Exploits (1)

exploitdb · Working PoC · Verified
by waraxe · text · webapps · php
https://www.exploit-db.com/exploits/10248

Classification: Working PoC 90%
Attack Type: SQLi | Auth Bypass | RCE | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: SugarCRM 5.2.0j, SugarCRM 5.5.0.RC2
Authentication: No auth needed
Prerequisites: Network access to the target SugarCRM instance
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026