Description
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
References
- Release Notes
- Release Notes
- Third Party Advisory
- Product
- Product
Vulnerable configurations
Configuration 1
Version from 7.10.0 (inclusive) to 7.10.35 (exclusive)
Version from 7.12 (inclusive) to 7.12.2 (exclusive)
One of
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
EPSS: 0.00437 (Low)
Percentile: 63%
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses: CWE-352
Related vulnerabilities
github
about 4 years ago
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.