CVE-2008-2045

Public Exploit

Description

Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory.

References

Link	Tags
http://www.securityfocus.com/archive/1/491417/100/0/threaded	mailing list
http://www.sugarcrm.com/forums/showthread.php?t=31688	patch
http://www.securityfocus.com/bid/28981	vdb entry patch
http://www.sugarcrm.com/forums/showthread.php?t=32252	patch
http://www.vupen.com/english/advisories/2008/1388/references	vdb entry
http://www.sugarcrm.com/docs/Release_Notes/CommunityEdition_ReleaseNotes_5.0d/Sugar_Release_Notes_5.0d.2.6.html
http://securityreason.com/securityalert/3844	third party advisory
http://secunia.com/advisories/30002	third party advisory patch vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42087	vdb entry
http://www.security-assessment.com/files/advisories/2008-04-29_SugarCRM_local_file_disclosure.pdf
https://www.exploit-db.com/exploits/5521	exploit

Frequently Asked Questions

What is the severity of CVE-2008-2045?: CVE-2008-2045 has been scored as a medium severity vulnerability.
How to fix CVE-2008-2045?: To fix CVE-2008-2045, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2008-2045 being actively exploited in the wild?: It is possible that CVE-2008-2045 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~9% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions