Sugarcrm : Security Vulnerabilities, CVEs, Published In 2005 (Directory traversal)

CVE-2005-4086

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.
Max CVSS
5.0
EPSS Score
0.97%
Published
2005-12-08
Updated
2011-03-08

CVE-2004-1227

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.
Max CVSS
10.0
EPSS Score
4.06%
Published
2005-01-10
Updated
2017-07-11
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close