5 matches found
SuiteCRM 7.11.18 - Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
SuiteCRM 7.11.18 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
CVE-2021-42840
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were...
CVE-2021-42840
Conclusion: CVE-2021-42840 affects SuiteCRM
CVE-2021-42840
creationtimestamp| type| source ---|---|--- 2021-06-03 14:18:38+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/suitecrmlogfilerce.rb 2021-10-22 22:39:21+00:00| seen| https://t.me/cibsecurity/31054 2021-11-17 00:00:00+00:00| exploited|...