Vulnerabilities

CVE-2020-28328

by Fred · 06/11/2020

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.

Date published : 2020-11-06

http://packetstormsecurity.com/files/159937/SuiteCRM-7.11.15-Remote-Code-Execution.html

http://packetstormsecurity.com/files/162975/SuiteCRM-Log-File-Remote-Code-Execution.html

Similar

Tags: Cybersecurity Alert