Deserialization of Untrusted Data Affecting jakubpas/suitecrm package, versions >=0.0.0
Snyk CVSS
- Attack Complexity: Low
- Privileges Required: High
- Confidentiality: High
- Integrity: High
Threat Intelligence
- Exploit Maturity: Proof of concept
- Snyk ID SNYK-PHP-JAKUBPASSUITECRM-1277522
- published 29 Apr 2021
- disclosed 28 Apr 2021
- credit Sam Sanoop of Snyk Security Team
How to fix?
There is no fixed version for jakubpas/suitecrm.
Overview
jakubpas/suitecrm is a Composer fork of SuiteCRM, the open source alternative to SalesForce, Microsoft Dynamics and SugarCRM Professional.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Phar Deserialization is possible due to insufficient checks within the admin area.
Note: jakubpas/suitecrm is an out-of-date fork of SuiteCRM and successful exploitation of the vulnerability through chaining differs from the out-of-date fork.