Unrated severityNVD Advisory· Published Jun 10, 2024· Updated Aug 2, 2024
SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution
CVE-2024-36415
Description
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Affected products
3- Range: < 7.14.4
Patches
Vulnerability mechanics
References
1- github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrhmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.