
[CVEID]

CVE-2021-41597

[PRODUCT]

SuiteCRM

[VERSION]

before 7.10.35 and before 7.12.2

[PROBLEM TYPE]

Remote Code Execution

[DESCRIPTION]

SuiteCRM before 7.10.35 and 7.12.2 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.

Timeline:

  • Reported to vendor 18.09.2021
  • Acknowledged 22.09.2021
  • Validated 22.09.2021
  • Fixed 17.12.2021