Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2020-28320

Published: 26/01/2021 Updated: 07/11/2023

Vulnerability Summary

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none

Vulnerability Trend

Exploits

Exploit DB: SuiteCRM 7.11.18 Remote Code Execution
This Metasploit module exploits an input validation error on the log file extension parameter of SuiteCRM version 71118 It does not properly validate upper/lower case characters Once this occurs, the application log file will be treated as a php file The log file can then be populated with php code by changing the username of a valid user, as ...
Exploit DB: SuiteCRM Log File Remote Code Execution
This Metasploit module exploits an input validation error on the log file extension parameter It does not properly validate upper/lower case characters Once this occurs, the application log file will be treated as a php file The log file can then be populated with php code by changing the username of a valid user, as this info is logged The php ...

References

https://nvd.nist.govhttps://packetstormsecurity.com/files/165001/SuiteCRM-7.11.18-Remote-Code-Execution.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook