SuiteCRM version 7.11.15 suffers from an authenticated remote code execution vulnerability.
01765bb0c089aa14728aa27a9a2f9df90fd877e20b6db152f7b1c4f203fe3d3f
This Metasploit module exploits an authenticated SQL injection in SuiteCRM versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated passwords from the database.
668d40628faf73dd32554ae84c36e46a6ae67a8a8d4b003f7fec6bd01f8d03a0
This Metasploit module exploits an input validation error on the log file extension parameter of SuiteCRM version 7.11.18. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a PHP file. The log file can then be populated with PHP code by changing the username of a valid user, as this info is logged. The PHP code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher where a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.
7f2ef0fa96275977d80eca31460f8f2876baa953ce756a42a73f7d1524b141fb
This Metasploit module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a PHP file. The log file can then be populated with PHP code by changing the username of a valid user, as this info is logged. The PHP code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher where a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.
ec5ef5c3f76e27557be6a802468fa8e1b2e50b2a6a2993479fd1a906363a8c90
SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.
6d0664ee294d9c0e355362341a51a1fb0526746a2bbe5d841ef37520620739c4
SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.
bf17496e890701853063b6c0ff76d7e4c10126a589c0ff3f257def2dcf623ee6
SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.
2180571bb1e2260ae7306d067b16cfbedbc9933b8f3852afefaabda12b8e98f8
SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.
6635b4d98132797e97d5f7beb1446ac64f1d1b045f58dd11a4416288eebcbc03
SuiteCRM versions 7.11.11 and below suffer from a second-order PHP object injection vulnerability.
0b39b583ac4c6a3f164f129018fb829ea101106ca187de455b16329ca19a3403
SuiteCRM version 7.10.7 suffers from multiple remote SQL injection vulnerabilities.
f583d959eb1bbef80e7c6627ad1371a3948b262779c192a50df55da96824e357
The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian-based systems, including Ubuntu, rsh is mapped to the ssh binary. SSH's ProxyCommand option can be passed from imap_open to execute arbitrary commands. While many custom applications may use imap_open, this exploit works against the following applications: e107 v2, PrestaShop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use. PrestaShop exploitation requires the admin URI and administrator credentials. SuiteCRM/e107/HostCMS require administrator credentials.
5db80502619550a84a9d8068ff710ec5534f3d8a3239b812c7c114f85cc7972a