History: May 19, 2006 - 10:02 a.m.

CVE-2006-2460

Source: web.nvd.nist.gov

Tags: sugar suite open source, sugarcrm, register_globals, remote code execution, directory traversal, php remote file inclusion, nvd

AI Score: 6.9 Medium (Confidence: High)

CVSS2: 6.4 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.032 Low (Percentile: 91.2%)

Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.

Affected configurations

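NVD node (any of the following match):

Vendor: sugarcrm, Product: sugarcrm, Version: 3.5
OR
Vendor: sugarcrm, Product: sugarcrm, Version: 4.0
OR
Vendor: sugarcrm, Product: sugarcrm, Version: 4.1
OR
Vendor: sugarcrm, Product: sugarcrm, Version: 4.2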
