Prophaze WAF Blog
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted - Cloud WAF
Written by Rajaneesh | Mar 18, 2020 9:42:24 PM
Overview:
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.
Vulnerability Details:
CVE-2020-8787
Security
CVE: 2020-8803 – Local File Inclusion
CVE: 2020-8801 – PHP Object Injections
CVE: 2020-8800 – Second-Order PHP Object Injections
CVE: 2020-8802 – Bean Manipulation
Bug Fixes
Issue: 8541 – MySQL Database breaking on special characters
Backward incompatible config changes
CONFIRM: https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23
CONFIRM: https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11