6.4

CVE-2006-2460

Exploit
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
Data provided by the National Vulnerability Database (NVD)
Sugarcrm Sugarcrm, Version 3.5
Sugarcrm Sugarcrm, Version 4.0
Sugarcrm Sugarcrm, Version 4.1
Sugarcrm Sugarcrm, Version 4.2
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 10.01% | 0.95
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.4 | 10 | 4.9 | AV:N/AC:L/Au:N/C:P/I:P/A:N
No CWE information has been published yet.
http://retrogod.altervista.org/sugar_suite_42_incl_xpl.html
Exploit
http://secunia.com/advisories/20072
Vendor Advisory
http://securityreason.com/securityalert/921
http://securitytracker.com/id?1016087
Exploit
http://www.osvdb.org/25532
http://www.securityfocus.com/archive/1/434009/100/0/threaded
http://www.securityfocus.com/bid/17987
Exploit
http://www.vupen.com/english/advisories/2006/1791
https://exchange.xforce.ibmcloud.com/vulnerabilities/26451
https://www.exploit-db.com/exploits/1785