Lucene search
MitreCVELIST:CVE-2020-28328HistoryNov 06, 2020 - 6:18 p.m.
CVE-2020-28328
2020-11-0618:18:05
mitre
www.cve.org
3
suitecrm
remote code execution
web root
admin account takeover
cve-2020-28328
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
References
packetstormsecurity.com/files/159937/SuiteCRM-7.11.15-Remote-Code-Execution.html
packetstormsecurity.com/files/162975/SuiteCRM-Log-File-Remote-Code-Execution.html
packetstormsecurity.com/files/165001/SuiteCRM-7.11.18-Remote-Code-Execution.html
github.com/mcorybillington/SuiteCRM-RCE
suitecrm.com/suitecrm-7-11-17-7-10-28-lts-versions-released/
Related
prion
prion
Remote code execution
2020-11-06 19:15:00
Remote code execution
2021-10-22 19:15:00
osv
osv
CVE-2020-28328
2020-11-06 19:15:14
BIT-suitecrm-2020-28328
2024-03-06 11:11:11
CVE-2021-42840
2021-10-22 19:15:08
nvd
nvd
CVE-2020-28328
2020-11-06 19:15:14
CVE-2021-42840
2021-10-22 19:15:08
cve
cve
CVE-2020-28328
2020-11-06 19:15:14
CVE-2021-42840
2021-10-22 19:15:08
exploitdb
exploitdb
checkpoint_advisories
checkpoint_advisories
SuiteCRM Remote Code Execution (CVE-2020-28328)
2020-11-28 00:00:00
githubexploit
githubexploit
packetstorm
packetstorm
SuiteCRM 7.11.15 Remote Code Execution
2020-11-09 00:00:00
SuiteCRM Log File Remote Code Execution
2021-06-04 00:00:00
SuiteCRM 7.11.18 Remote Code Execution
2021-11-17 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-06-04 19:11:19
zdt
zdt
SuiteCRM Log File Remote Code Execution Exploit
2021-06-04 00:00:00
SuiteCRM 7.11.18 - Remote Code Execution Exploit
2021-11-17 00:00:00
cvelist
cvelist
CVE-2021-42840
2021-10-22 18:20:23
metasploit
metasploit
SuiteCRM Log File Remote Code Execution
2021-05-22 05:11:19