News Group

Posted By: Olavo Farias
Date: 2007-11-07 12:58
Summary: Resolution for security issue
Project: Module Builder

Secunia Research ((Visit Link)) reported a security issue for Module Builder 4.5.1.c (not affiliated with the Sugar Module Builder, due to be released in Sugar 5.0) when downloading the generated install file.
The reason is a missing SugarCRM security command at the beginning of code.
The generated modules are not affected, only the development system, with this moderately critical issue.

Later versions, (named BuilderWizard) are not affected by this issue.
You can correct manually, if you have ModuleBuilder installed, adding the security line just after the < ? on file DownloadModule.php
The line is:
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');

Latest News

New Release! February 02, 2010 - by Angel Magaña - ...

New release version 5.5.0 February 02, 2010 - by AlineaSol - ...

[News archive]

Discussion Forums:resolution-for-security-issue-on-4.5.1.c

Start New Thread

Topic	Topic Starter	Replies	Last Post

Main

Browse by application Browse by edition

Browse by version

The corporate home page of SugarCRM
Learn how Sugar can help your business succeed	Purchase products from SugarCRM
Collaborate and develop Sugar extensions	Buy and sell certified SugarCRM extensions
Download Sugar Open Source and go live in 15 minutes	Discuss SugarCRM with users from around the world