Published: 19/12/2021 Updated: 04/01/2022

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SuiteCRM prior to 7.12.2 and 8.x prior to 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.

Vulnerable Product	Search on Vulmon	Subscribe to Product
salesagility suitecrm
salesagility suitecrm 8.0
salesagility suitecrm 8.0.0

PoC for CVE-2021-45041

CVE-2021-45041 PoC for CVE-2021-45041 aka SCRMBT-#177 - Authenticated SQL-Injection in SuiteCRM <= 80 Usage Options: (venv) ➜ CVE-2021-45041 git:(main) /exploitpy --help Usage: exploitpy [OPTIONS] Options: -h, --host TEXT Root of SuiteCRM installation Defaults to localhost -u, --username TEXT Username -p, --

CWE-89 https://docs.suitecrm.com/8.x/admin/releases/8.0/https://docs.suitecrm.com/admin/releases/7.12.x/https://github.com/manuelz120/CVE-2021-45041 https://nvd.nist.gov https://github.com/manuelz120/CVE-2021-45041

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-45041

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect