CVE-2005-4086 Information

Description

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ..\ sequences in the beanFiles array parameter.

Reference

http://rgod.altervista.org/sugar_suite_40beta.html http://secunia.com/advisories/17948 http://securitytracker.com/id?1015322 http://www.securityfocus.com/archive/1/418840 http://www.securityfocus.com/bid/15760 http://www.vupen.com/english/advisories/2005/2800