Remote Code Execution in SuiteCRM by SalesAgility
CVE-2022-23940

8.8HIGH

Key Information:

Vendor: Salesagility
Status: Suitecrm
Vendor: CVE Published:; 7 March 2022

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 44%

Summary

SuiteCRM, a popular customer relationship management tool, is vulnerable to Remote Code Execution, specifically affecting versions through 7.12.1 and 8.x up to 8.0.1. The vulnerability arises when authenticated users of the Scheduled Reports module manipulate the email_recipients property through crafted requests. This unauthorized access allows attackers to create a report containing a malicious PHP deserialization payload. When other users access the compromised report, the system deserializes the email_recipients field, inadvertently executing the payload and compromising the backend. This vulnerability takes advantage of PHP deserialization gadgets, including known components like Monolog/RCE1, posing significant risks to affected systems. Organizations using these versions of SuiteCRM should consider immediate updates and security measures.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-23940
Created by manuelz120

References

https://github.com/manuelz120

x_refsource_MISC

https://docs.suitecrm.com/8.x/admin/releases/8.0/

x_refsource_MISC

EPSS Score

44% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 7, 2022
🟡
Public PoC available
Mar 6, 2022
👾
Exploit known to exist
Mar 6, 2022
Vulnerability Reserved
Jan 25, 2022