automatic module_metadata_base.json update

2022-09-13 17:04:46 -05:00 · 2022-09-13 17:04:46 -05:00 · 811c8e3b57
parent fcd137ba41
commit 811c8e3b57
1 changed files with 59 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -21289,6 +21289,65 @@
    "session_types": false,
    "needs_cleanup": false
  },
+  "auxiliary_gather/suite_crm_export_sqli": {
+    "name": "SuiteCRM authenticated SQL injection in export functionality",
+    "fullname": "auxiliary/gather/suite_crm_export_sqli",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": "2022-05-24",
+    "type": "auxiliary",
+    "author": [
+      "Exodus Intelligence",
+      "jheysel-r7",
+      "Redouane NIBOUCHA <rniboucha@yahoo.fr>"
+    ],
+    "description": "This module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability\n          allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order\n          to retrieve all the usernames and their associated password from the database.",
+    "references": [
+      "URL-https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-export-request-sql-injection-vulnerability/",
+      "URL-https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": null,
+    "mod_time": "2022-09-12 23:46:10 +0000",
+    "path": "/modules/auxiliary/gather/suite_crm_export_sqli.rb",
+    "is_install_path": true,
+    "ref_name": "gather/suite_crm_export_sqli",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false
+  },
  "auxiliary_gather/teamtalk_creds": {
    "name": "TeamTalk Gather Credentials",
    "fullname": "auxiliary/gather/teamtalk_creds",