CVE-2006-2460

Name of the Vulnerable Software and Affected Versions Sugar Suite Open Source (SugarCRM) versions 4.2 and earlier

Description The issue allows remote attackers to conduct attacks, such as directory traversal or PHP remote file inclusion, by modifying critical variables like $ GLOBALS and $ SESSION when register globals is enabled. This can be achieved by altering the GLOBALS[sugarEntry] parameter.

Recommendations For Sugar Suite Open Source (SugarCRM) versions 4.2 and earlier, disable the register globals setting to prevent modification of critical variables. As a temporary workaround, consider restricting access to sensitive parameters like GLOBALS[sugarEntry] until a more permanent solution is applied.