What is CVE-2021-42840?

CVE-2021-42840 is a vulnerability in N/a. Published 2021-10-22.

Is CVE-2021-42840 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-42840

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root…

EPSS: 0.589 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

docs.suitecrm.com/admin/releases/7.11.x/ (x_refsource_MISC)
github.com/rapid7/metasploit-framework/commits/master/modules/exploits/linux/ht… (x_refsource_MISC)
suitecrm.com/time-to-upgrade-suitecrm-7-11-19-7-10-30-lts-released/ (x_refsource_MISC)
theyhack.me/SuiteCRM-RCE-2/ (x_refsource_MISC)
packetstormsecurity.com/files/165001/SuiteCRM-7.11.18-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-42840?: CVE-2021-42840 is a vulnerability in N/a. Published 2021-10-22.
Is CVE-2021-42840 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.