Mend Vulnerability Database
Date: September 29, 2021
Overview
In the “SuiteCRM” application, versions v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” vulnerability (Formula Injection). A low-privileged attacker can use the accounts module to inject payloads into the input fields. When an administrator accesses the accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure.
Details
The application “SuiteCRM” is affected by a “CSV Injection” vulnerability (Formula Injection). A low-privileged user (attacker) can use the accounts module to inject payloads into the input fields. When an administrator accesses the accounts module to export the data as a CSV file and opens it, the payload gets executed.
PoC Details
For demonstration purposes we'll use 2 users:
1. Alice - low privileged user
2. Admin - administrator
Log into the application as Alice and go to the accounts module. In the first name field, insert the CSV injection payload.
Start a listener on port 4444.
Then log into the application as Admin and navigate to the accounts module. Select the fields and, under Bulk Action, click on Export. A CSV file will be downloaded. Open it with Excel.
When Admin clicks on the first column that contains the payload, it gets executed and the data in cells A3 & B3 is sent to Alice’s address.
Affected Environments
v7.11.18 - v7.11.19 and v7.10.29 - v7.10.31
Prevention
Upgrade to version v7.10.32, v7.11.21 or higher.
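Beyond upgrading, the export-side control that makes formula injection inert is to neutralise formula-triggering prefixes before a cell is written to CSV. The following is an added example, not code from the Mend page or from SuiteCRM; the function names and the record layout are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Leading characters that make common spreadsheet applications evaluate a cell as a
# formula rather than store it as text (OWASP CSV injection guidance).
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(cell: str) -> bool:
    """True if the cell would be interpreted as a formula by a spreadsheet."""
    return cell.startswith(FORMULA_PREFIXES)


def sanitize_cell(cell) -> str:
    """Prefix formula-looking values with a single quote so the spreadsheet
    keeps them as text. Quoting of embedded delimiters and double quotes is
    left to the csv module, which handles it correctly with QUOTE_ALL."""
    text = str(cell)
    if is_formula_like(text):
        # Note: this also touches legitimate negative numbers such as "-5";
        # for numeric columns, check the type before exporting instead.
        return "'" + text
    return text


def export_rows(rows: list, fieldnames: list) -> str:
    """Serialise records (e.g. CRM accounts) to CSV, sanitising every cell."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fieldnames)
    for row in rows:
        writer.writerow([sanitize_cell(row.get(field, "")) for field in fieldnames])
    return buf.getvalue()


def find_formula_cells(csv_text: str) -> list:
    """Review helper: return 1-based (row, column) positions of cells in an
    existing CSV export that would still be evaluated as formulas."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for c, cell in enumerate(row, start=1):
            if is_formula_like(cell):
                hits.append((r, c))
    return hits


if __name__ == "__main__":
    # Constructed sample: a first-name field carrying a harmless formula prefix.
    sample = [{"first_name": "=1+1", "last_name": "Smith"}]
    print(export_rows(sample, ["first_name", "last_name"]))
```

`find_formula_cells` can be run over a CSV produced by an unpatched instance to confirm whether user-controlled fields reach the file unescaped.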
Good to know:
| Metric | Value |
|---|---|
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privileges Required (PR) | Low |
| User Interaction (UI) | Required |
| Access Vector (AV) | Network |
| Access Complexity (AC) | Medium |