M. Cory Billington - Security Researcher - Exploit Intelligence Platform

CVE-2021-42840 METASPLOIT HIGH ruby WORKING POC

SuiteCRM < 7.11.19 - Remote Code Execution via Log File Name Setting

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.

CVSS 8.8

View Code

CVE-2020-28320 METASPLOIT ruby WORKING POC

Rejected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none

View Code

CVE-2020-28328 METASPLOIT HIGH ruby WORKING POC

SuiteCRM < 7.11.17 - Remote Code Execution via Log File Name Setting

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.

CVSS 8.8

View Code

CVE-2020-28328 EXPLOITDB HIGH python WORKING POC

SuiteCRM < 7.11.17 - Remote Code Execution via Log File Name Setting

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.

CVSS 8.8

View Code

CVE-2021-42840 EXPLOITDB HIGH ruby WORKING POC

SuiteCRM < 7.11.19 - Remote Code Execution via Log File Name Setting

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.

CVSS 8.8

View Code

CVE-2021-31933 EXPLOITDB HIGH python WORKING POC

Chamilo <= 1.11.14 - Authenticated Remote Code Execution via File Upload Parameter

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.

CVSS 7.2

View Code