This Metasploit module exploits an input validation error on the log file extension parameter of SuiteCRM version 7.11.18. The application does not properly validate upper/lower case characters in this parameter. Once the validation is bypassed, the application log file is treated as a PHP file. The log file can then be populated with PHP code by changing the username of a valid user, as this information is logged. The PHP code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher, in which a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.
7f2ef0fa96275977d80eca31460f8f2876baa953ce756a42a73f7d1524b141fb
This Metasploit module exploits an input validation error on the log file extension parameter. The application does not properly validate upper/lower case characters in this parameter. Once the validation is bypassed, the application log file is treated as a PHP file. The log file can then be populated with PHP code by changing the username of a valid user, as this information is logged. The PHP code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher, in which a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.
ec5ef5c3f76e27557be6a802468fa8e1b2e50b2a6a2993479fd1a906363a8c90
Chamilo LMS version 1.11.14 authenticated remote code execution exploit.
5acc13c23322a41001bab9b40d04275fecff5dd103b69fecf80f0e2b5f9ab152
SuiteCRM version 7.11.15 suffers from an authenticated remote code execution vulnerability.
01765bb0c089aa14728aa27a9a2f9df90fd877e20b6db152f7b1c4f203fe3d3f