CyberSec.Space Logo
CVEブラウザに戻る

CVE-2005-4086

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0870%
EPSS Percentile39.59th
Published2005年12月8日
Last Modified2026年4月16日

Vulnerability Description

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.

Affected Platforms (CPE)

📦
Sugarcrm

Sugar Suite

= 3.5
📦
Sugarcrm

Sugar Suite

= 4.0_beta

References & Advisories

🔗 http://rgod.altervista.org/sugar_suite_40beta.html
🔗 http://secunia.com/advisories/17948
🔗 http://securitytracker.com/id?1015322
🔗 http://www.securityfocus.com/archive/1/418840
🔗 http://www.securityfocus.com/bid/15760
🔗 http://www.vupen.com/english/advisories/2005/2800
🔗 http://rgod.altervista.org/sugar_suite_40beta.html
🔗 http://secunia.com/advisories/17948

関連する脆弱性情報

CVE-2005-40877.5

PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) ...

CVE-2006-50827.5

Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before 4.2.1 Patch C (20060917) has unspecified impact, related to...

CVE-2006-24606.4

Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...