CVE-2023-47643 PoC — SalesAgility SuiteCRM 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-47643.yaml

Associated Vulnerability

Title:SalesAgility SuiteCRM 安全漏洞 (CVE-2023-47643)
Description:Salesagility SalesAgility SuiteCRM是英国Salesagility公司的一套企业级开源客户关系管理（CRM）。 SalesAgility SuiteCRM 8.4.2之前版本存在安全漏洞，该漏洞源于Graphql Introspection无需身份验证即可启用，导致攻击者可以获取GraphQL架构和其他敏感字段。

Description

Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions.

File Snapshot


 id: CVE-2023-47643

info:
  name: SuiteCRM Unauthenticated Graphql Introspection
  author: isacaya
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!