CVE-2005-4086

Sažetak

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.

Reference

http://rgod.altervista.org/sugar_suite_40beta.html
http://secunia.com/advisories/17948
http://securitytracker.com/id?1015322
http://www.securityfocus.com/archive/1/418840
http://www.securityfocus.com/bid/15760
http://www.vupen.com/english/advisories/2005/2800

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-03-2011 - 02:27

Objavljeno

08-12-2005 - 11:03