Lucene search
+L

11 matches found

packetstorm
packetstorm
added 2021/11/17 12:0 a.m.652 views

SuiteCRM 7.11.18 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...

9CVSS8.6AI score0.63267EPSS
Exploits12
zdt
zdt
added 2021/11/17 12:0 a.m.544 views

SuiteCRM 7.11.18 - Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...

9CVSS8.7AI score0.63267EPSS
Exploits12
prion
prion
added 2021/10/22 7:15 p.m.21 views

Remote code execution

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were...

9CVSS9.2AI score0.63267EPSS
Exploits11References5Affected Software1
packetstorm
packetstorm
added 2021/06/04 12:0 a.m.298 views

SuiteCRM Log File Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...

9CVSS8.7AI score0.63267EPSS
Exploits11
circl
circl
added 2021/06/03 2:18 p.m.31 views

CVE-2020-28328

creationtimestamp| type| source ---|---|--- 2021-06-03 14:18:38+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/suitecrmlogfilerce.rb 2021-06-06 13:45:48+00:00| seen| https://t.me/pwnwikizhchannel/605 2021-10-22 22:39:21+00:00| seen|...

9CVSS8AI score0.63267EPSS
Exploits10References3
checkpoint_advisories
checkpoint_advisories
added 2020/11/28 12:0 a.m.24 views

SuiteCRM Remote Code Execution (CVE-2020-28328)

A remote code execution vulnerability exists in SuiteCRM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS8.9AI score0.63267EPSS
Exploits10
packetstorm
packetstorm
added 2020/11/09 12:0 a.m.227 views

SuiteCRM 7.11.15 Remote Code Execution

Exploit Title: SuiteCRM 7.11.15 - 'lastname' Remote Code Execution Authenticated Date: 08 NOV 2020 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://suitecrm.com/ Software Link: https://github.com/salesagility/SuiteCRM Version: 7.11.15 and below Tested on: Ubuntu 20.04 LTS CVE:...

8.8AI score0.63267EPSS
Exploits10
exploitdb
exploitdb
added 2020/11/09 12:0 a.m.290 views

SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)

Exploit Title: SuiteCRM 7.11.15 - 'lastname' Remote Code Execution Authenticated Date: 08 NOV 2020 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://suitecrm.com/ Software Link: https://github.com/salesagility/SuiteCRM Version: 7.11.15 and below Tested on: Ubuntu 20.04 LTS CVE:...

9CVSS8.7AI score0.63267EPSS
Exploits10
nvd
nvd
added 2020/11/06 7:15 p.m.49 views

CVE-2020-28328

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled .php file under the web root...

9CVSS9AI score0.63267EPSS
Exploits10References5
cvelist
cvelist
added 2020/11/06 6:18 p.m.40 views

CVE-2020-28328

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled .php file under the web root...

9AI score0.63267EPSS
Exploits10References5
cve
cve
added 2020/11/06 6:18 p.m.134 views

CVE-2020-28328

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root. This is a high-severity issue (CVE-2020-28328)...

9CVSS8.8AI score0.63267EPSS
Exploits10References5Affected Software1
Rows per page
Query Builder