Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution.
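The deserialization step described above, hardened, as an added example that is not SuiteCRM's own code. It assumes the recipients value is stored as a PHP-serialized array; `decode_recipients`, `assert_plain_data`, `ExampleGadget` and the sample values are hypothetical names constructed for the illustration.

```php
<?php
// Added illustration. Function names, the class and the sample values are
// assumptions made for this example; this is not SuiteCRM's code.

final class ExampleGadget           // stand-in for a class with a magic method
{
    public static bool $woke = false;
    public function __wakeup(): void { self::$woke = true; }
}

/** Reject anything that is not a scalar, null, or an array of those. */
function assert_plain_data($value): void
{
    if (is_array($value)) {
        foreach ($value as $item) {
            assert_plain_data($item);
        }
        return;
    }
    if ($value !== null && !is_scalar($value)) {
        throw new UnexpectedValueException('object in recipients data');
    }
}

/** Decode a stored recipients value without instantiating any class. */
function decode_recipients(string $stored): array
{
    // allowed_classes => false maps every serialized object to
    // __PHP_Incomplete_Class, so __wakeup()/__destruct() never run.
    $data = @unserialize($stored, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new UnexpectedValueException('recipients value is not an array');
    }
    assert_plain_data($data);
    return $data;
}

// Constructed inputs: one plain array, one array carrying an object.
$benign  = serialize(['email' => ['ops@example.com']]);
$crafted = 'a:1:{i:0;O:13:"ExampleGadget":0:{}}';

var_dump(decode_recipients($benign)['email'][0]);
try {
    decode_recipients($crafted);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
var_dump(ExampleGadget::$woke);   // reports whether __wakeup() was invoked
```

Storing such fields with `json_encode`/`json_decode` instead of `serialize`/`unserialize` removes the object-instantiation path altogether.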
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SuiteCRM code issue vulnerability
Vulnerability Description
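SuiteCRM is a customer relationship management system from the SuiteCRM (Suitecrm) team. SuiteCRM 7.12.1 and earlier, and 8.x through 8.0.1, contain a security vulnerability that stems from SuiteCRM allowing remote code execution. An attacker can achieve this by exploiting PHP deserialization in the email_recipients property.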
CVSS Information
N/A
Vulnerability Type
N/A