
CVE-2021-42840

Published: 22 Oct 2021 18:20:23
Reported by: mitre
Type: cve
Source: web.nvd.nist.gov

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | SuiteCRM 7.11.18 - Remote Code Execution Exploit | 17 Nov 2021 00:00 | zdt |
| ATTACKERKB | CVE-2021-42840 | 22 Oct 2021 19:15 | attackerkb |
| Circl | CVE-2021-42840 | 3 Jun 2021 14:18 | circl |
| CNNVD | SuiteCRM Code Issue Vulnerability | 22 Oct 2021 00:00 | cnnvd |
| Cvelist | CVE-2021-42840 | 22 Oct 2021 18:20 | cvelist |
| Metasploit | SuiteCRM Log File Remote Code Execution | 3 Jun 2021 17:43 | metasploit |
| NVD | CVE-2021-42840 | 22 Oct 2021 19:15 | nvd |
| OSV | BIT-SUITECRM-2021-42840 | 6 Mar 2024 11:09 | osv |
| Packet Storm | SuiteCRM 7.11.18 Remote Code Execution | 17 Nov 2021 00:00 | packetstorm |
| Packet Storm | SuiteCRM 7.11.18 Log File Remote Code Execution | 23 Feb 2026 00:00 | packetstorm |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| logger_file_name | nested | index.php | Vulnerability in SuiteCRM logging configuration allowing PHP payload via log file extension and configurable file name, leading to RCE via log file. | CWE-434 |
| logger_file_ext | nested | index.php | Vulnerability in SuiteCRM logging configuration allowing PHP payload via log file extension and configurable file name, leading to RCE via log file. | CWE-434 |
| logger_level | nested | index.php | Vulnerability in SuiteCRM logging configuration allowing PHP payload via log file extension and configurable file name, leading to RCE via log file. | CWE-434 |
| save | nested | index.php | Vulnerability in SuiteCRM logging configuration allowing PHP payload via log file extension and configurable file name, leading to RCE via log file. | CWE-434 |
| module | nested | index.php | Attack vector where attacker injects PHP payload into last_name during log-poisoning via user record form, enabling RCE through the compromised log file. | CWE-434 |
| record | nested | index.php | Attack vector where attacker injects PHP payload into last_name during log-poisoning via user record form, enabling RCE through the compromised log file. | CWE-434 |
| action | nested | index.php | Attack vector where attacker injects PHP payload into last_name during log-poisoning via user record form, enabling RCE through the compromised log file. | CWE-434 |
| page | nested | index.php | Attack vector where attacker injects PHP payload into last_name during log-poisoning via user record form, enabling RCE through the compromised log file. | CWE-434 |
| return_action | nested | index.php | Attack vector where attacker injects PHP payload into last_name during log-poisoning via user record form, enabling RCE through the compromised log file. | CWE-434 |
| user_name | nested | index.php | Attack vector where attacker injects PHP payload into last_name during log-poisoning via user record form, enabling RCE through the compromised log file. | CWE-434 |


17 Jun 2026 04:10 (Current)
Vulners AI Score: 9.1 (High risk)
CVSS 3.1: 8.8
CVSS 2: 9
EPSS: 0.58945