CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/174302/SugarCRM-12.2.0-PHP-Object-Injection.html
http://seclists.org/fulldisclosure/2023/Aug/28
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-009/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sugarcrm:sugarcrm:::::enterprise:::*
	cpe:2.3:a:sugarcrm:sugarcrm:::::professional:::*
	cpe:2.3:a:sugarcrm:sugarcrm:::::sell:::*
	cpe:2.3:a:sugarcrm:sugarcrm:::::serve:::*
	cpe:2.3:a:sugarcrm:sugarcrm:::::ultimate:::*
	cpe:2.3:a:sugarcrm:sugarcrm:::::enterprise:::*
	cpe:2.3:a:sugarcrm:sugarcrm:::::sell:::*
	cpe:2.3:a:sugarcrm:sugarcrm:::::serve:::*

History

No history.

Information

Published : 2023-06-17 22:15

Updated : 2023-08-23 16:15

NVD link : CVE-2023-35810

Mitre link : CVE-2023-35810

CVE.ORG link : CVE-2023-35810

JSON object : View

Products Affected

sugarcrm

sugarcrm

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2023-35810", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-06-17T22:15:09.553", "references": [{"url": "http://packetstormsecurity.com/files/174302/SugarCRM-12.2.0-PHP-Object-Injection.html", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2023/Aug/28", "source": "cve@mitre.org"}, {"url": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-009/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected."}], "lastModified": "2023-08-23T16:15:08.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F2920E2F-99C4-4C67-9336-BD5A02EC0E71", "versionEndExcluding": "11.0.6", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "6A6F5559-F05F-43B8-A972-E06B5AD0B249", "versionEndExcluding": "11.0.6", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:sell:*:*:*", "vulnerable": true, "matchCriteriaId": "C2391868-9E0B-44D3-8206-B4D66FF98374", "versionEndExcluding": "11.0.6", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:serve:*:*:*", "vulnerable": true, "matchCriteriaId": "8165A201-F418-46B5-8574-FEECF535D00D", "versionEndExcluding": "11.0.6", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:ultimate:*:*:*", "vulnerable": true, "matchCriteriaId": "67E235C5-274C-45DD-B3E2-266E8A9E778B", "versionEndExcluding": "11.0.6", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "0239BDAF-6DF6-4CC7-97C6-53EB4BEFB784", "versionEndExcluding": "12.0.3", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:sell:*:*:*", "vulnerable": true, "matchCriteriaId": "9BC5281D-BEA4-4AE7-ACAF-5814E5E62CAC", "versionEndExcluding": "12.0.3", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:serve:*:*:*", "vulnerable": true, "matchCriteriaId": "539A1F9D-92B2-43A4-B28C-19B1C25B2A45", "versionEndExcluding": "12.0.3", "versionStartIncluding": "12.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10