CVE-2009-2146 - Unspecified vulnerability in SugarCRM

CVSS 6.0 - MEDIUM

Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, sugarcrm, exploit available

Summary

Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name.

Exploit-Db

description: SugarCRM 5.2.0e Remote Code Execution Vulnerability. CVE-2009-2146. Webapps exploit for php platform
id: EDB-ID:8949
last seen: 2016-02-01
modified: 2009-06-15
published: 2009-06-15
reporter: USH
source: https://www.exploit-db.com/download/8949/
title: SugarCRM 5.2.0e Remote Code Execution Vulnerability