
CVSS: 9.0 | EPSS: 7% | CPEs: 1 | EXPL: 5

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. SuiteCRM version 7.11.15 suffers from an authenticated remote code execution vulnerability. • https://www.exploit-db.com/exploits/49001 http://packetstormsecurity.com/files/159937/SuiteCRM-7.11.15-Remote-Code-Execution.html http://packetstormsecurity.com/files/162975/SuiteCRM-Log-File-Remote-Code-Execution.html http://packetstormsecurity.com/files/165001/SuiteCRM-7.11.18-Remote-Code-Execution.html https://github.com/mcorybillington/SuiteCRM-RCE https://suitecrm.com/suitecrm-7-11-17-7-10-28-lts-versions-released https://theyhack.me/CVE-2020-28320-SuiteCRM-RCE https://theyhack.me/SuiteCRM- • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_21 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_9 • CWE-522: Insufficiently Protected Credentials

CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_21 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_9

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')