QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2045

Published: May 1, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20080429 SugarCRM Community Edition Local File Disclosure Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.sugarcrm.com/forums/showthread.php?t=31688

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://www.sugarcrm.com/forums/showthread.php?t=32252

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

http://www.sugarcrm.com/docs/Release_Notes/CommunityEdition_ReleaseNotes_5.0d/Sugar_Release_Notes_5.0d.2.6.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SREASON

third-party-advisory

x_refsource_SECUNIA

sugar-feed-information-disclosure(42087)

vdb-entry

x_refsource_XF

http://www.security-assessment.com/files/advisories/2008-04-29_SugarCRM_local_file_disclosure.pdf

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.