CyberSec.Space Logo
Back to CVE Browser

CVE-2005-4087

HIGH
7.5
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile16.07th
PublishedDec 8, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter.

Affected Platforms (CPE)

πŸ“¦
Sugarcrm

Sugar Suite

= 3.5
πŸ“¦
Sugarcrm

Sugar Suite

= 4.0_beta

References & Advisories

πŸ”— http://securityreason.com/securityalert/239
πŸ”— http://www.securityfocus.com/archive/1/418840
πŸ”— http://www.securityfocus.com/bid/15760
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/23541
πŸ”— http://securityreason.com/securityalert/239
πŸ”— http://www.securityfocus.com/archive/1/418840
πŸ”— http://www.securityfocus.com/bid/15760
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/23541

Related Vulnerabilities

CVE-2006-50827.5

Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before 4.2.1 Patch C (20060917) has unspecified impact, related to...

CVE-2006-24606.4

Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as ...

CVE-2005-40865.0

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...