SugarCRM Remote Code Execution exploit and how to fix?

**boratti** · 2009-07-27, 07:24 AM

Hi all,

I saw an exploit at http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt for SugarCRM version (5.2.0e and earlier).
SugarCRM vendors have adviced to upgrade 5.2.0f.

How can we fix this bug without upgrade?

Best Regards.

**boratti** · 2009-07-27, 08:49 AM

I fixed the problem copying the function "safeAttachmentName" from email.php (version 5.2.0f) to earlier version (5.2.0a).

Good weeks.

Thread: SugarCRM Remote Code Execution exploit and how to fix?

LinkBack

Thread Tools

Search Thread

Display

SugarCRM Remote Code Execution exploit and how to fix?

Re: SugarCRM Remote Code Execution exploit and how to fix?

Thread Information

Users Browsing this Thread

Similar Threads

Accessing sugarcrm database at remote host

Need Remote SugarCRM Programmer $30.00 per hour

We require a remote developer to code and implement a non standard workflow process

RESOLVED: Using a remote MySQL database with SugarCRM

need code for remote recursive chmod for modules

Bookmarks

Bookmarks

Posting Permissions