Hi all -

A security vulnerability in SugarCRM was posted at http://www.securitytracker.com/alert...c/1015322.html.

Issue:
If the PHP configuration settings register_globals and allow_url_fopen are enabled on the system where you are running SugarCRM, this vulnerability allows a remote user to execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.

Solution:
We first highly recommend turning off register_globals on your system.

Also, we have just released the 3.5.1e and the 3.0.1c patches to address this vulnerability in the SugarCRM source code.

Please see this post for more details: http://www.sugarcrm.com/forums/showthread.php?t=7438

Regards,
Clint
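
A configuration check for the precondition described in the post above, as an added example that is not part of the original post or of SugarCRM's code: it parses php.ini text and reports whether register_globals and allow_url_fopen are effectively enabled. The function names and the sample php.ini contents are constructed for illustration.

```python
import re

# PHP's built-in defaults when a directive is absent from php.ini:
# register_globals defaults to Off (since PHP 4.2.0), allow_url_fopen to On.
PHP_DEFAULTS = {"register_globals": False, "allow_url_fopen": True}
TRUE_VALUES = {"1", "on", "true", "yes"}          # php.ini spellings of "enabled"
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$")

# Constructed sample inputs (not taken from any real system).
SAMPLE_EXPOSED = "[PHP]\n; legacy settings\nregister_globals = On\nallow_url_fopen = On\n"
SAMPLE_HARDENED = "[PHP]\nregister_globals = Off ; disabled\nallow_url_fopen = On\n"


def effective_flags(ini_text):
    """Return the effective boolean value of the two directives."""
    flags = dict(PHP_DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]               # drop ';' comments
        m = LINE_RE.match(line)
        if not m:
            continue                              # section header or blank line
        name = m.group(1)                         # directive names are case sensitive
        value = m.group(2).strip("\"'").lower()
        if name in flags:
            flags[name] = value in TRUE_VALUES    # a later line overrides an earlier one
    return flags


def audit(ini_text):
    """Return a list of findings for the settings named in the advisory."""
    flags = effective_flags(ini_text)
    findings = []
    if flags["register_globals"]:
        findings.append("register_globals is On: turn it off")
        if flags["allow_url_fopen"]:
            findings.append("register_globals and allow_url_fopen are both On: "
                            "the precondition for this vulnerability is met")
    return findings


if __name__ == "__main__":
    for label, text in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(text) or "no findings")
```

This reads php.ini only; per-directory overrides such as php_flag lines in Apache configuration or .htaccess files are not covered and need a separate check.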