Lucene search
K

9 matches found

0day.today
0day.today
added 2023/03/10 12:0 a.m.645 views

SugarCRM 12.x Remote Code Execution / Shell Upload Exploit

This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2. This module requires Metasploit:...

8.8CVSS9AI score0.80274EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/10 12:0 a.m.337 views

SugarCRM 12.x Remote Code Execution / Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' class MetasploitModule 'SugarCRM unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits CVE-2023-22952, a Remote Code...

8.8CVSS0.3AI score0.80274EPSS
Exploits4
Metasploit
Metasploit
added 2023/03/09 7:53 p.m.730 views

SugarCRM unauthenticated Remote Code Execution (RCE)

This module exploits CVE-2023-22952, a Remote Code Execution RCE vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2. The vulnerability occurs due to a lack of appropriat...

8.8CVSS9.9AI score0.80274EPSS
Exploits4
Circl
Circl
added 2023/02/03 6:39 a.m.10 views

CVE-2023-22952

creationtimestamp| type| source ---|---|--- 2023-02-03 06:39:42+00:00| exploited| https://t.me/thehackernews/3014 2023-03-09 17:01:25+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sugarcrmwebshellcve202322952.rb 2023-03-11 12:57:01+00:00|...

8.8CVSS7.6AI score0.80274EPSS
In wildExploits4References15
The Hacker News
The Hacker News
added 2023/02/03 5:23 a.m.136 views

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency CISA on February 2 added two security flaws to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 CVSS score: 9.8, a critical issue impacting...

9.8CVSS2.3AI score0.98342EPSS
Exploits16
The Hacker News
The Hacker News
added 2023/01/14 8:11 a.m.76 views

Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability

A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to ...

9.8CVSS0.5AI score0.99826EPSS
Exploits52
OSV
OSV
added 2023/01/11 9:15 a.m.4 views

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...

8.8CVSS5.9AI score0.80274EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2023/01/11 12:0 a.m.54 views

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. Recent assessments: h00die-gr3y at January 18, 2023 8:56am UTC reported: Last December, 28th 2022, a zero.day vulnerability in the SugarCRM applicati...

8.8CVSS9AI score0.80274EPSS
In wildExploits4References3
Vulnrichment
Vulnrichment
added 2023/01/11 12:0 a.m.17 views

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...

8.8AI score0.80274EPSS
Exploits4References2
Rows per page
Query Builder