Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-36412. PoCs published by halilkirazkaya. A Nuclei detection template is also available.
AI-analyzed exploit summary This repository contains functional exploit code for multiple CVEs, including remote file inclusion, path traversal, and unauthorized file deletion vulnerabilities. Each PoC includes specific HTTP requests or commands to exploit the respective vulnerabilities.
Description
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Exploits (1)
This repository contains functional exploit code for multiple CVEs, including remote file inclusion, path traversal, and unauthorized file deletion vulnerabilities. Each PoC includes specific HTTP requests or commands to exploit the respective vulnerabilities.
Nuclei Templates (1)
title:"SuiteCRM"
title="SuiteCRM"
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H