6

CVE-2009-2146

Exploit

EPSS 9.01%
Veröffentlicht 22.06.2009 14:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sugarcrm ≫ Sugarcrm Editionsugar_community_edition Version <= 5.2e

Sugarcrm ≫ Sugarcrm Version5.0.0 Editionsugar_community_edition

Sugarcrm ≫ Sugarcrm Version5.0.0h Editionsugar_community_edition

Sugarcrm ≫ Sugarcrm Version5.0.0k Editionsugar_community_edition

Sugarcrm ≫ Sugarcrm Version5.1.0 Editionsugar_community_edition

Sugarcrm ≫ Sugarcrm Version5.1.0-beta Editionsugar_community_edition

Sugarcrm ≫ Sugarcrm Version5.1c Editionsugar_community_edition

Sugarcrm ≫ Sugarcrm Version5.2c Editionsugar_community_edition

Sugarcrm ≫ Sugarcrm Version5.2d Editionsugar_community_edition

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.01%	0.924

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/35445

Vendor Advisory

http://www.securityfocus.com/bid/35361

Exploit

http://www.sugarforge.org/frs/download.php/5598/Sugar_CommunityEdition_ReleaseNotes_5.2f.pdf

http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2009-2146

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2146

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2146

EUVD