CVE-2005-4086 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via .. sequences in the beanFiles array parameter.

Affected Software

Name	Vendor	Start Version	End Version
Sugar_suite	Sugarcrm	3.5 (including)	3.5 (including)
Sugar_suite	Sugarcrm	4.0_beta (including)	4.0_beta (including)

References

http://rgod.altervista.org/sugar_suite_40beta.html
http://secunia.com/advisories/17948
http://securitytracker.com/id?1015322
http://www.securityfocus.com/archive/1/418840
http://www.securityfocus.com/bid/15760
http://www.vupen.com/english/advisories/2005/2800
http://rgod.altervista.org/sugar_suite_40beta.html
http://secunia.com/advisories/17948
http://securitytracker.com/id?1015322
http://www.securityfocus.com/archive/1/418840
http://www.securityfocus.com/bid/15760
http://www.vupen.com/english/advisories/2005/2800

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-4086
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html