lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAJeQoQcYVvDYh-s-H+q7AtUNTxkGPWCaXNT727VutiPZ60FcYA@mail.gmail.com>
Date: Mon, 10 Aug 2020 16:31:29 +0200
From: Egidio Romano <n0b0d13s@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability

SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability

*• Software Link:*

https://www.sugarcrm.com

*• Affected Versions:*

All versions prior to 10.1.0 (Q3 2020).

*• Vulnerability Description:*

User input passed through the encoded “current_post” parameter to
‘index.php’ (when “entryPoint” is set to “export” and “module” is set to
“Reports”) is not properly sanitized before being used to construct a SQL
query. This can be exploited by remote attackers to e.g. read sensitive
data from the database through e.g. time-based SQL Injection attacks.

*• Proof of Concept:*

http://karmainsecurity.com/pocs/CVE-2020-17373

*• Solution:*

Upgrade to version 10.1.0 (Q3 2020) or later.

*• Disclosure Timeline:*

[05/02/2020] – Vendor notified
[06/02/2020] – Automatic vendor response received
[26/03/2020] – Vendor contacted again; no response
[17/04/2020] – Vendor contacted again; no response
[18/06/2020] – Vendor notified about a 180-day disclosure deadline
[03/08/2020] – After around 180 days the vendor silently fix the issue
[06/08/2020] – CVE number assigned
[10/08/2020] – Public disclosure

*• CVE Reference:*

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2020-17373
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-17373> to this
vulnerability.

*• Credits:*

Vulnerability discovered by Egidio Romano.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists