M. Cory Billington - Security Researcher - Exploit Intelligence Platform

CVE-2021-42840 METASPLOIT HIGH ruby WORKING POC

Salesagility Suitecrm < 7.11.19 - Unrestricted File Upload

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.

CVSS 8.8

View Code

CVE-2020-28320 METASPLOIT ruby WORKING POC

Rejected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none

View Code

CVE-2020-28328 METASPLOIT HIGH ruby WORKING POC

Salesagility Suitecrm < 7.11.17 - Unrestricted File Upload

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.

CVSS 8.8

View Code

CVE-2020-28328 EXPLOITDB HIGH python WORKING POC

Salesagility Suitecrm < 7.11.17 - Unrestricted File Upload

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.

CVSS 8.8

View Code

CVE-2021-42840 EXPLOITDB HIGH ruby WORKING POC

Salesagility Suitecrm < 7.11.19 - Unrestricted File Upload

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.

CVSS 8.8

View Code

CVE-2021-31933 EXPLOITDB HIGH python WORKING POC

Chamilo < 1.11.14 - Remote Code Execution

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.

CVSS 7.2

View Code