SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.
References
Link | Resource |
---|---|
https://docs.suitecrm.com/8.x/admin/releases/8.0/ | Release Notes Vendor Advisory |
https://docs.suitecrm.com/admin/releases/7.12.x/ | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-01-28 09:15
Updated : 2022-02-02 10:01
NVD link : CVE-2021-45899
Mitre link : CVE-2021-45899
JSON object : View
CWE
CWE-502
Deserialization of Untrusted Data
Products Affected
salesagility
- suitecrm