CyberSec.Space Logo
Back to CVE Browser

CVE-2005-4086

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0870%
EPSS Percentile39.59th
PublishedDec 8, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.

Affected Platforms (CPE)

πŸ“¦
Sugarcrm

Sugar Suite

= 3.5
πŸ“¦
Sugarcrm

Sugar Suite

= 4.0_beta

References & Advisories

πŸ”— http://rgod.altervista.org/sugar_suite_40beta.html
πŸ”— http://secunia.com/advisories/17948
πŸ”— http://securitytracker.com/id?1015322
πŸ”— http://www.securityfocus.com/archive/1/418840
πŸ”— http://www.securityfocus.com/bid/15760
πŸ”— http://www.vupen.com/english/advisories/2005/2800
πŸ”— http://rgod.altervista.org/sugar_suite_40beta.html
πŸ”— http://secunia.com/advisories/17948

Related Vulnerabilities

CVE-2005-40877.5

PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) ...

CVE-2006-50827.5

Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before 4.2.1 Patch C (20060917) has unspecified impact, related to...

CVE-2006-24606.4

Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...