PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sugar_suite | Sugarcrm | 3.5 (including) | 3.5 (including) |
| Sugar_suite | Sugarcrm | 4.0_beta (including) | 4.0_beta (including) |
References
- http://securityreason.com/securityalert/239
- http://www.securityfocus.com/archive/1/418840
- http://www.securityfocus.com/bid/15760
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23541
- http://securityreason.com/securityalert/239
- http://www.securityfocus.com/archive/1/418840
- http://www.securityfocus.com/bid/15760
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23541