Security Advisory

CVE-2020-28328

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-11-06 18:18:05

Last updated 2024-08-04 16:33:59

Assigner mitre

State PUBLISHED

Description

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.

← Browse all CVEs View on cve.org ↗