Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-42840
HistoryOct 22, 2021 - 7:15 p.m.

CVE-2021-42840

2021-10-2219:15:08
Google
osv.dev
9
suitecrm
remote code execution
log file name
admin account takeover
attacker-controlled php file
incomplete fix.

AI Score

7.9

Confidence

Low

EPSS

0.11

Percentile

95.2%

JSON

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.

Related

osv 3
cvelist 2
nvd 2
cve 2
prion 2
metasploit 1
zdt 2
packetstorm 3
exploitdb 2
checkpoint_advisories 1
githubexploit 1
rapid7blog 1
osv
osv
BIT-suitecrm-2021-42840
2024-03-06 11:09:30
CVE-2020-28328
2020-11-06 19:15:14
BIT-suitecrm-2020-28328
2024-03-06 11:11:11
cvelist
cvelist
CVE-2021-42840
2021-10-22 18:20:23
CVE-2020-28328
2020-11-06 18:18:05
nvd
nvd
CVE-2021-42840
2021-10-22 19:15:08
CVE-2020-28328
2020-11-06 19:15:14
cve
cve
CVE-2021-42840
2021-10-22 19:15:08
CVE-2020-28328
2020-11-06 19:15:14
prion
prion
Remote code execution
2021-10-22 19:15:00
Remote code execution
2020-11-06 19:15:00
metasploit
metasploit
SuiteCRM Log File Remote Code Execution
2021-05-22 05:11:19
zdt
zdt
SuiteCRM 7.11.18 - Remote Code Execution Exploit
2021-11-17 00:00:00
SuiteCRM Log File Remote Code Execution Exploit
2021-06-04 00:00:00
packetstorm
packetstorm
SuiteCRM 7.11.18 Remote Code Execution
2021-11-17 00:00:00
SuiteCRM 7.11.15 Remote Code Execution
2020-11-09 00:00:00
SuiteCRM Log File Remote Code Execution
2021-06-04 00:00:00
exploitdb
exploitdb
SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
2021-11-17 00:00:00
SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)
2020-11-09 00:00:00
checkpoint_advisories
checkpoint_advisories
SuiteCRM Remote Code Execution (CVE-2020-28328)
2020-11-28 00:00:00
githubexploit
githubexploit
Exploit for Unrestricted Upload of File with Dangerous Type in Salesagility Suitecrm
2020-11-06 00:56:36
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-06-04 19:11:19

AI Score

7.9

Confidence

Low

EPSS

0.11

Percentile

95.2%

JSON
Related for OSV:CVE-2021-42840
osv3cvelist2nvd2cve2prion2metasploit1zdt2packetstorm3exploitdb2checkpoint_advisories1githubexploit1rapid7blog1