Description
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
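An added detection example, not part of the original advisory or of SugarCRM's code: the Python below scans web access-log lines for query parameters whose base name is a PHP superglobal, such as the GLOBALS[sugarEntry] parameter named above. The combined log format, the function names, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# PHP superglobal array names. With register_globals on, a request parameter
# whose base name is one of these can overwrite the array if the app has no guard.
SUPERGLOBALS = {"GLOBALS", "_SESSION", "_GET", "_POST", "_COOKIE",
                "_SERVER", "_ENV", "_FILES", "_REQUEST"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(s, rounds=3):
    """Percent-decode repeatedly so double-encoded names are flagged too."""
    for _ in range(rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s

def superglobal_params(url):
    """Return decoded query parameter names whose base name is a superglobal."""
    query = url.partition("?")[2].partition("#")[0]
    hits = []
    for pair in query.split("&"):
        name = decode_fully(pair.split("=", 1)[0]).lstrip(" ")
        # PHP maps ' ' and '.' in the name before '[' to '_'.
        base = name.split("[", 1)[0].replace(" ", "_").replace(".", "_")
        if base in SUPERGLOBALS:
            hits.append(name)
    return hits

def scan(lines):
    """Return (line_number, [parameter names]) for each suspicious request line."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        names = superglobal_params(m.group(1)) if m else []
        if names:
            findings.append((n, names))
    return findings

# Constructed sample lines (documentation IPs, invented timestamps and sizes).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2006:10:00:01 +0000] "GET /index.php?module=Home&action=index HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/May/2006:10:00:07 +0000] "GET /index.php?GLOBALS[sugarEntry]=1 HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/May/2006:10:00:09 +0000] "GET /index.php?module=Home&GLOBALS%5BsugarEntry%5D=1 HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/May/2006:10:00:12 +0000] "POST /index.php?_SESSION%255Buser%255D=x HTTP/1.1" 200 90',
    '203.0.113.7 - - [10/May/2006:10:00:15 +0000] "GET /index.php?note=GLOBALS[sugarEntry] HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for n, names in scan(SAMPLE_LOG):
        print(f"line {n}: superglobal parameter(s) {names}")
```

Access logs normally record only the query string, so parameters sent in POST bodies or cookies need the same check at a WAF or in application logging.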
Remediation
References