Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user.
Remediation
References
Related Vulnerabilities
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4624)
WordPress Plugin MapSVG Lite Arbitrary File Upload (4.2.4)
phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4729)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1099)
WordPress Plugin WordPress File Upload Multiple Vulnerabilities (2.7.6)