Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2020-28320

Published: 26/01/2021 Updated: 07/11/2023

Vulnerability Summary

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none

Vulnerability Trend

Exploits

Exploit DB: SuiteCRM Log File Remote Code Execution
This Metasploit module exploits an input validation error on the log file extension parameter It does not properly validate upper/lower case characters Once this occurs, the application log file will be treated as a php file The log file can then be populated with php code by changing the username of a valid user, as this info is logged The php ...
Exploit DB: SuiteCRM 7.11.18 Remote Code Execution
This Metasploit module exploits an input validation error on the log file extension parameter of SuiteCRM version 71118 It does not properly validate upper/lower case characters Once this occurs, the application log file will be treated as a php file The log file can then be populated with php code by changing the username of a valid user, as ...

References

https://nvd.nist.govhttps://packetstormsecurity.com/files/162975/SuiteCRM-Log-File-Remote-Code-Execution.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367CVE-2024-3611CVE-2024-4947CVE-2024-32988CVE-2020-35165local file inclusionCVE-2024-4980bypassmalicious code‎
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook