cves/CVE-2021-41597.md at main · ach-ing/cves

Go to file

Cannot retrieve contributors at this time

16 lines (15 sloc) 451 Bytes

Raw Blame

[CVEID]

CVE-2021-41597

[PRODUCT]

SuiteCRM

[VERSION]

before 7.10.35 and before 7.12.2

[PROBLEM TYPE]

Remote Code Execution

[DESCRIPTION]

SuiteCRM before 7.10.35 and 7.12.2 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.

Timeline:

Reported to vendor 18.09.2021
Acknowledged 22.09.2021
Validated 22.09.2021
Fixed 17.12.2021