Lucene search
MitreCVELIST:CVE-2022-23940HistoryMar 07, 2022 - 7:06 p.m.
CVE-2022-23940
2022-03-0719:06:35
mitre
www.cve.org
1
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution.
Related
osv
osv
BIT-suitecrm-2022-23940
2024-03-06 11:08:05
CVE-2022-23940
2022-03-10 17:45:56
checkpoint_advisories
checkpoint_advisories
SalesAgility SuiteCRM Remote Code Execution (CVE-2022-23940)
2022-10-02 00:00:00
cve
cve
CVE-2022-23940
2022-03-10 17:45:56
prion
prion
Deserialization of untrusted data
2022-03-10 17:45:00
nvd
nvd
CVE-2022-23940
2022-03-10 17:45:56
cnvd
cnvd
SuiteCRM Deserialization Vulnerability
2022-03-14 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Salesagility Suitecrm
2022-03-06 17:05:02