SugarCRM <= 4.0 beta acceptDecline.php Remote File Inclusion

high Nessus Plugin ID 20286

Synopsis

The remote web server contains a PHP script that is prone to multiple flaws.

Description

SugarCRM is a Customer Relationship Manager written in PHP.

The version of SugarCRM installed on the remote host does not properly sanitize user input in the 'beanFiles[]' parameter in the 'acceptDecline.php' file. An attacker can use this flaw to display sensitive information and to include malicious code to execute arbitrary commands.

This vulnerability is exploitable if 'register_globals' is enabled.

Solution

Upgrade to Sugar Suite version 3.5.1e and/or disable PHP's 'register_globals' setting.
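As an added example, not part of this plugin page and not SugarCRM's own code: a PHP reconstruction of the include pattern the description refers to (a request-controlled array of file names passed to include, reachable as a global when register_globals is on), beside a hardened replacement that accepts only a module name, maps it to a fixed server-side allowlist, confirms the resolved path stays under the modules directory, and refuses to run while register_globals is enabled. The modules directory, file names and function names are assumptions.

```php
<?php
// Added example (not SugarCRM code). File names, directory and function names
// are assumptions constructed for illustration.

// --- Vulnerable pattern (illustrative reconstruction, not the project's code) ---
// With register_globals=On, a request parameter named beanFiles becomes the
// global $beanFiles, so the caller controls every path handed to include().
function load_beans_unsafe(array $beanFiles): void
{
    foreach ($beanFiles as $file) {
        include $file;   // path taken straight from the request: remote file inclusion
    }
}

// --- Hardened pattern ---
// 1. Never take an include path from the request; take a module *name* only.
// 2. Map the name through a server-side allowlist.
// 3. Resolve with realpath() and verify the result is under the modules directory.
const MODULES_DIR = __DIR__ . '/modules';      // assumption
const BEAN_FILES  = [                           // assumed allowlist: module => file
    'Accounts' => 'Accounts/Account.php',
    'Contacts' => 'Contacts/Contact.php',
    'Calls'    => 'Calls/Call.php',
];

function resolve_bean_file(string $module): ?string
{
    if (!array_key_exists($module, BEAN_FILES)) {
        return null;                            // unknown module name: refuse
    }
    $base = realpath(MODULES_DIR);
    $path = realpath(MODULES_DIR . '/' . BEAN_FILES[$module]);
    // realpath() collapses ../ and symlinks; anything outside the base dir is rejected
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function load_beans_safe(array $modules): array
{
    $loaded = [];
    foreach ($modules as $module) {
        $path = resolve_bean_file((string) $module);
        if ($path === null) {
            error_log('rejected bean module: ' . $module);   // detection hook for log review
            continue;
        }
        require_once $path;
        $loaded[] = $path;
    }
    return $loaded;
}

// Defence in depth: do not serve requests while register_globals is still on.
// (ini_get() returns an empty string on PHP versions that removed the setting.)
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    http_response_code(500);
    exit('register_globals is enabled; disable it in php.ini');
}

// Usage: only module names arrive from the request, never file paths.
$requested = $_GET['module'] ?? [];
load_beans_safe(is_array($requested) ? $requested : [$requested]);
```

The rejected-module log line is the point a defender would watch: a burst of unknown module names or path-like values against this script is the signature of someone probing the original 'beanFiles[]' weakness, and the allowlist makes the probe harmless regardless of the register_globals setting.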

See Also

http://retrogod.altervista.org/sugar_suite_40beta.html

https://marc.info/?l=bugtraq&m=113397762406598&w=2

Plugin Details

Severity: High

ID: 20286

File Name: sugarcrm_remote_file_inclusion.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 12/10/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/sugarcrm

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/7/2005

Reference Information

CVE: CVE-2005-4086, CVE-2005-4087

BID: 15760