Family: CGI abuses --> Category: attack
SugarCRM <= 4.0 beta Remote File Inclusion Vulnerability Scan
Vulnerability Scan Summary
Check if SugarCRM is vulnerable to Directory Traversal and Remote File Inclusion
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to
SugarCRM is a Customer Relationship Manager written in PHP.
The version of SugarCRM installed on the remote host does not properly sanitize user input passed in the 'beanFiles' parameter of the 'acceptDecline.php' file. An attacker can use this flaw to display sensitive information and to include malicious code, which can be used to execute arbitrary commands.
This vulnerability exists if 'register_globals' is enabled.
Upgrade to Sugar Suite version 3.5.1e and/or disable PHP's 'register_globals' setting.
Risk factor: Medium / CVSS Base Score: 4.9