exploitDog

CVE-2022-45185

Опубликовано: 07 янв. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.

Ссылки

https://docs.suitecrm.com/admin/releases/7.12.x/
Release Notes
https://github.com/Orange-Cyberdefense/CVE-repository/
Exploit
Third Party Advisory
https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_SuiteCRM.py
Exploit
https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_SuiteCRM.py
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:salesagility:suitecrm:7.12.7:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00324

Низкий

8.8 High

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-qjmp-rfrj-7cv5

CVSS3: 8.8

github

около 1 года назад

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.

EPSS

Процентиль: 55%

0.00324

Низкий

8.8 High

CVSS3

Дефекты

CWE-502