Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-05-19T10:00:00
Updated: 2018-10-18T14:57:01
Reserved: 2006-05-19T00:00:00
Link: CVE-2006-2460
JSON object: View
NVD Information
Status : Modified
Published: 2006-05-19T10:02:00.000
Modified: 2018-10-18T16:40:16.057
Link: CVE-2006-2460
JSON object: View
Redhat Information
No data.
CWE