Share
---------------------------------------------------------------------  
SuiteCRM <= 7.11.11 Second-Order PHP Object Injection Vulnerabilities  
---------------------------------------------------------------------  
  
  
[-] Software Link:  
  
https://suitecrm.com/  
  
  
[-] Affected Versions:  
  
Version 7.11.11 and prior versions.  
  
  
[-] Vulnerabilities Description:  
  
1) The vulnerability exists because the   
"EmailsControllerActionGetFromFields::getEmailSignatures()” method  
is using the unserialize() function with the "account_signatures” user   
preference, and such a value can be  
arbitrarily manipulated by evil users through the EmailUIAjax interface.   
This can be exploited to inject  
arbitrary PHP objects into the application scope, allowing an attacker   
to perform a variety of attacks,  
such as executing arbitrary PHP code.  
  
2) The vulnerability exists because the   
"EmailsControllerActionGetFromFields::handleActionGetFromFields()”  
method is using the unserialize() function with the "showFolders” user   
preference, and such a value can be  
arbitrarily manipulated by evil users through the EmailUIAjax interface.   
This can be exploited to inject  
arbitrary PHP objects into the application scope, allowing an attacker   
to perform a variety of attacks,  
such as executing arbitrary PHP code.  
  
  
[-] Solution:  
  
No official solution is currently available.  
  
  
[-] Disclosure Timeline:  
  
[19/09/2019] - Vendor notified  
[20/09/2019] - Vendor acknowledgement  
[12/11/2019] - Vendor contacted again asking for updates, no response  
[20/01/2020] - Vendor notified about public disclosure intention, no   
response  
[07/02/2020] - CVE number assigned  
[12/02/2020] - Public disclosure  
  
  
[-] CVE Reference:  
  
The Common Vulnerabilities and Exposures project (cve.mitre.org)  
has assigned the name CVE-2020-8800 to these vulnerabilities.  
  
  
[-] Credits:  
  
Vulnerabilities discovered by Egidio Romano.  
  
  
[-] Original Advisory:  
  
http://karmainsecurity.com/KIS-2020-01