CVE-2005-4086 in Sugar Suite
Summary
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.
VulDB is the best source for vulnerability data and more expert information about this specific topic.