Lucene search

Ubuntu.comUB:CVE-2009-2146

HistoryJun 22, 2009 - 12:00 a.m.

CVE-2009-2146

2009-06-2200:00:00

ubuntu.com

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.5%

JSON

Unrestricted file upload vulnerability in the Compose Email feature in the
Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows
remote authenticated users to execute arbitrary code by uploading a file
with only an extension in its name, then accessing the file via a direct
request to a modified filename under cache/modules/Emails/, as demonstrated
using .php as the entire original name.

References

launchpad.net/bugs/cve/CVE-2009-2146

nvd.nist.gov/vuln/detail/CVE-2009-2146

security-tracker.debian.org/tracker/CVE-2009-2146

www.cve.org/CVERecord?id=CVE-2009-2146

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.5%

JSON

Related for UB:CVE-2009-2146