VID |
21898 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
Sugar Suite is a customer relationship management (CRM) software package written in PHP. Versions 2.0.1c and earlier contain multiple vulnerabilities that a remote attacker can exploit to disclose sensitive information and to conduct SQL injection and local/remote file include attacks. A remote attacker who successfully exploits the most severe of these vulnerabilities could execute arbitrary system commands on the vulnerable system.
* References: http://archives.neohapsis.com/archives/bugtraq/2004-12/0112.html
* Platforms Affected: SugarCRM Inc, Sugar Sales version 2.0.1c and earlier versions; any operating system, any version |
Recommendation |
Upgrade to the latest version of Sugar Suite (3.5.1e or 4.2.0 or later), available from the SugarCRM Download Web site at http://www.sugarcrm.com/crm/download/sugar-suite.html |
Related URL |
CVE-2004-1228 (CVE) |
Related URL |
11896 (SecurityFocus) |
Related URL |
18446,18447,18448,18449 (ISS) |