CVSS2: 6 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS: 0.027 Low
Percentile: 90.5%

Unrestricted file upload vulnerability in the Compose Email feature in the
Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows
remote authenticated users to execute arbitrary code by uploading a file
with only an extension in its name, then accessing the file via a direct
request to a modified filename under cache/modules/Emails/, as demonstrated
using .php as the entire original name.