CVE-2005-4086

high

Description

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.

References

http://www.vupen.com/english/advisories/2005/2800

http://securitytracker.com/id?1015322

http://secunia.com/advisories/17948

http://rgod.altervista.org/sugar_suite_40beta.html

Details

Source: Mitre, NVD

Published: 2005-12-08

Updated: 2011-03-08

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High