Writeup on CVE-2020-28328: SuiteCRM Log File Remote Code Execution plus some bonus Cross-Site Scripting
CVE-2020-28328 SuiteCRM Remote Code Execution via Log File System Setting and Log File Poisoning

Overview

I recently discovered two vulnerabilities in SuiteCRM that provide an attack chain for a low-privileged user to achieve code execution on the underlying operating system. The attack chain is Cross-Site Scripting, which can be used to perform Cross-Site Request Forgery, wh