Description

Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory.

Remediation

References

CVE-2008-2045

Related Vulnerabilities

WordPress Plugin Pods-Custom Content Types and Fields Multiple Cross-Site Scripting Vulnerabilities (2.7.28)

WordPress Plugin Shared Files-Easy Download Manager and File Sharing with Frontend File Upload Cross-Site Scripting (1.6.56)

WordPress Other Vulnerability (CVE-2007-4154)

WordPress 5.1.x Cross-Site Request Forgery (5.1)

Moodle CVE-2023-23923 Vulnerability (CVE-2023-23923)

Severity

Medium

Classification

CVE-2008-2045 CWE-22

Tags

Missing Update Known Vulnerabilities