Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SuiteCRM - CSV Injection in Accounts Module
Vulnerability Description
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1236
Vulnerability Title
SuiteCRM 注入漏洞
Vulnerability Description
SuiteCRM是SuiteCRM(Suitecrm)团队的一个客户关系管理系统。 SuiteCRM存在注入漏洞,该漏洞源于SuiteCRM受到CSV 注入漏洞(公式注入)的影响。 低特权攻击者可以使用帐户模块在输入字段中注入有效载荷。 当管理员访问帐户模块以将数据导出为 CSV 文件并打开它时,将执行有效负载。 作为 CVE-2020-15301 的一部分,这没有得到正确修复,允许攻击者绕过安全措施。
CVSS Information
N/A
Vulnerability Type
N/A