PT-2008-3562 · Sugarcrm · Sugar Community Edition
Roberto Suggi Liverani · Published 2008-05-01 · Updated 2018-10-11 · CVE-2008-2045
CVSS v2.0: 5.0 (Medium), Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SugarCRM Sugar Community Edition versions 4.5.1 through 5.0.0

Description: The issue allows remote attackers to read arbitrary files by supplying a full filesystem path in the URL parameter of "modules/Feeds/Feed.php"; the contents of the referenced file are placed into a related cache file in the ".cache/feeds" directory.

Recommendations: For SugarCRM Sugar Community Edition versions 4.5.1 through 5.0.0, restrict access to the "modules/Feeds/Feed.php" endpoint until a patch is available, and do not accept a full filesystem path in the URL parameter, so the issue cannot be exploited.
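As an added detection example (not part of this advisory or of SugarCRM): a Python check over constructed Apache combined-format access-log lines that flags requests to modules/Feeds/Feed.php whose feed parameter is a local path or non-http scheme instead of a remote http(s) URL. The parameter name `url` and the log format are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/May/2008:10:00:01 +0000] "GET /sugarcrm/modules/Feeds/Feed.php?url=http://example.com/rss.xml HTTP/1.1" 200 512
203.0.113.7 - - [01/May/2008:10:00:02 +0000] "GET /sugarcrm/modules/Feeds/Feed.php?url=/etc/hostname HTTP/1.1" 200 64
203.0.113.9 - - [01/May/2008:10:00:03 +0000] "GET /sugarcrm/index.php?module=Home HTTP/1.1" 200 2048
203.0.113.7 - - [01/May/2008:10:00:04 +0000] "GET /sugarcrm/modules/Feeds/Feed.php?url=file%3A%2F%2F%2Fetc%2Fhosts HTTP/1.1" 200 300
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

FEED_ENDPOINT = "/modules/feeds/feed.php"  # matched case-insensitively as a path suffix


def is_remote_feed_url(value):
    """A legitimate feed reference is an absolute http(s) URL with a host part."""
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def find_suspicious_feed_requests(log_text, param="url"):
    """Return requests to Feed.php whose feed parameter is not a remote http(s) URL.
    `param` ('url') is an assumed name; adjust it to what the deployment uses."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        target = urlsplit(m.group("target"))
        if not target.path.lower().endswith(FEED_ENDPOINT):
            continue
        # parse_qs percent-decodes values, so %2F-encoded paths are caught too.
        for value in parse_qs(target.query).get(param, []):
            if not is_remote_feed_url(value):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "status": m.group("status"), "value": value})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_feed_requests(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} status={hit["status"]} url={hit["value"]!r}')
```

A 200 status on a flagged request is worth a closer look, since the cached copy in ".cache/feeds" is what exposes the file contents.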


Weakness Enumeration: Path traversal

Related Identifiers: CVE-2008-2045

Affected Products: Sugar Community Edition