CVE-2020-28328

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-28328

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28328.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-28328

Aliases

BIT-suitecrm-2020-28328

Published

2020-11-06T19:15:14.143Z

Modified

2026-05-28T04:05:59.717750258Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled .php file under the web root.

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "7.11.17"
                },
                {
                    "fixed": "7.11.17"
                }
            ],
            "vendor_product": "salesagility:suitecrm",
            "cpes": [
                "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        }
    ]
}

References

Affected packages

Git / github.com/SuiteCRM/SuiteCRM

Affected ranges

Type

GIT

Repo

https://github.com/SuiteCRM/SuiteCRM

Events

Introduced

Fixed

c0b55748904fb2aeb15ae7ab2afcd9657ebcde74

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.11.17"
        }
    ],
    "source": "DESCRIPTION"
}

Affected versions

7.*

7.9.6

v.*

v.7.9.11

v7.*

v7.0.2

v7.1

v7.1.1

v7.1.2

v7.1.3

v7.1.4

v7.10.0

v7.10.1

v7.10.10

v7.10.11

v7.10.12

v7.10.2

v7.10.3

v7.10.4

v7.10.5

v7.10.6

v7.10.7

v7.11.0

v7.11.1

v7.11.11

v7.11.12

v7.11.13

v7.11.14

v7.11.15

v7.11.16

v7.11.2

v7.11.3

v7.11.4

v7.11.5

v7.11.6

v7.11.7

v7.11.8

v7.2

v7.2.1

v7.2beta

v7.2beta2

v7.3

v7.3-beta

v7.3.1

v7.3.2

v7.4.1

v7.4.2

v7.4.3

v7.5-beta

v7.5-beta.2

v7.5.1

v7.6

v7.6.1

v7.7

v7.7-beta1

v7.7-beta2

v7.7-rc

v7.7-rc2

v7.7.2

v7.7.3

v7.7.4

v7.8.0

v7.8.0-beta

v7.8.0-beta.2

v7.8.0-rc

v7.8.1

v7.8.2

v7.9.0

v7.9.0-beta

v7.9.0-rc

v7.9.1

v7.9.10

v7.9.11

v7.9.12

v7.9.13

v7.9.14

v7.9.3

v7.9.4

v7.9.5

v7.9.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28328.json"