Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote malicious users to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sugarcrm sugarcrm 4.5.1 |
||
sugarcrm sugarcrm 5.0.0 |