Be in love with vulnerability scanning
Mageni is a powerful and easy vulnerability scanner used by companies of all sizes. You will be in love with Mageni's powerful features, ease of use and price. Free for 7-days then $39 monthly for infinite IPs.
Start nowNo Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.
CVE-2021-42840
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328..
CVSSv2.0 Score
- Severity
- High
- Base Score
- 9/10
- Exploit Score
- 8/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- Single
- Impact Score
- 10/10
- Confidentiality Impact
- Complete
- Availability Impact
- Complete
- Integrity Impact
- Complete
CVSSv3.1 Score
- Severity
- High
- Base Score
- 8.8/10
- Exploit Score
- 2.8/10
- Access Vector
- Network
- Access Complexity
- Low
- Privileges Required
- Low
- Impact Score
- 5.9/10
- Confidentiality Impact
- High
- Availability Impact
- High
- Integrity Impact
- High
- Scope
- Unchanged
- User Interaction
- None
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* |
Yes
|
- | 7.11.19 |
References
- https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/linux/htt
- https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_19
- https://suitecrm.com/time-to-upgrade-suitecrm-7-11-19-7-10-30-lts-released/
- https://theyhack.me/SuiteCRM-RCE-2/
- http://packetstormsecurity.com/files/165001/SuiteCRM-7.11.18-Remote-Code-Execution.html
Every 11 seconds there is a ransomware attack.
Mageni can help you manage this threat by understanding your vulnerabilities and prioritizing the remediation.
Sign up for free