{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T07:41:42.821","vulnerabilities":[{"cve":{"id":"CVE-2008-2045","sourceIdentifier":"cve@mitre.org","published":"2008-05-01T19:05:00.000","lastModified":"2026-04-23T00:35:47.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory."},{"lang":"es","value":"Vulnerabilidad de salto de ruta absoluta en SugarCRM Sugar Community Edition 4.5.1 y 5.0.0, permite a atacantes remotos leer los ficheros que deseen escribiendo una ruta completa en el parámetro URL de modules/Feeds/Feed.php, esto guarda el contenido en un fichero de caché relacionado, en el directorio .cache/feeds."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sugarcrm:sugarcrm:4.5.1:*:community_edition:*:*:*:*:*","matchCriteriaId":"D0D2A567-7389-4984-BE45-414BB37CCFD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sugarcrm:sugarcrm:5.0.0:*:community_edition:*:*:*:*:*","matchCriteriaId":"6B389680-9097-4034-9590-4F172EFFEF2E"}]}]}],"references":[{"url":"http://secunia.com/advisories/30002","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://securityreason.com/securityalert/3844","source":"cve@mitre.org"},{"url":"http://www.security-assessment.com/files/advisories/2008-04-29_SugarCRM_local_file_disclosure.pdf","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/491417/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/28981","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.sugarcrm.com/docs/Release_Notes/CommunityEdition_ReleaseNotes_5.0d/Sugar_Release_Notes_5.0d.2.6.html","source":"cve@mitre.org"},{"url":"http://www.sugarcrm.com/forums/showthread.php?t=31688","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.sugarcrm.com/forums/showthread.php?t=32252","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.vupen.com/english/advisories/2008/1388/references","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/42087","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/5521","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/30002","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://securityreason.com/securityalert/3844","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.security-assessment.com/files/advisories/2008-04-29_SugarCRM_local_file_disclosure.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/491417/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/28981","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.sugarcrm.com/docs/Release_Notes/CommunityEdition_ReleaseNotes_5.0d/Sugar_Release_Notes_5.0d.2.6.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.sugarcrm.com/forums/showthread.php?t=31688","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.sugarcrm.com/forums/showthread.php?t=32252","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.vupen.com/english/advisories/2008/1388/references","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/42087","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/5521","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}