CVE-2005-4086
First published: Thu Dec 08 2005(Updated: )
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SugarCRM Sugar Suite | =3.5 | |
| SugarCRM Sugar Suite | =4.0_beta | |
| SugarCRM | =3.5 | |
| SugarCRM | =4.0_beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-4086?
CVE-2005-4086 is considered a high severity vulnerability due to its potential for remote file inclusion.
How do I fix CVE-2005-4086?
To fix CVE-2005-4086, upgrade to a version of SugarCRM that is not affected, such as a version after the 4.0 beta.
What systems are affected by CVE-2005-4086?
CVE-2005-4086 affects Sugar Suite versions 3.5 and 4.0 beta of SugarCRM.
Can CVE-2005-4086 lead to remote code execution?
Yes, CVE-2005-4086 may allow attackers to execute arbitrary code on the server by including local files.
What attack vectors are associated with CVE-2005-4086?
Attackers can exploit CVE-2005-4086 through manipulated requests that include directory traversal sequences.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sugarcrm
- canonical/sugarcrm sugar suite
- version/sugarcrm sugar suite/3.5
- version/sugarcrm sugar suite/4.0_beta
- canonical/sugarcrm
- version/sugarcrm/3.5
- version/sugarcrm/4.0_beta