Unrated severity · NVD Advisory · Published May 19, 2006 · Updated Jun 16, 2026
CVE-2006-2460
Description
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
Affected products (5)
- Range: <=4.2
References (10)
- retrogod.altervista.org/sugar_suite_42_incl_xpl.html (nvd, Exploit)
- securitytracker.com/id (nvd, Exploit)
- www.securityfocus.com/bid/17987 (nvd, Exploit)
- secunia.com/advisories/20072 (nvd, Vendor Advisory)
- securityreason.com/securityalert/921 (nvd)
- www.osvdb.org/25532 (nvd)
- www.securityfocus.com/archive/1/434009/100/0/threaded (nvd)
- www.vupen.com/english/advisories/2006/1791 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/26451 (nvd)
- www.exploit-db.com/exploits/1785 (nvd)