CVE-2021-45041
HIGHSuiteCRM < 7.12.2 and 8.x < 8.0.1 - Authenticated SQL Injection via Project Module Tooltips
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-45041. PoCs published by manuelz120.
AI-analyzed exploit summary This repository contains a functional PoC for CVE-2021-45041, an authenticated SQL injection vulnerability in SuiteCRM <= 8.0. The exploit leverages a backslash to escape a single quote in the `resource_id` parameter, allowing arbitrary SQL injection via the `start_date` parameter.
Description
SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.
Exploits (1)
This repository contains a functional PoC for CVE-2021-45041, an authenticated SQL injection vulnerability in SuiteCRM <= 8.0. The exploit leverages a backslash to escape a single quote in the `resource_id` parameter, allowing arbitrary SQL injection via the `start_date` parameter.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H