SuiteCRM Path Traversal Vulnerability in ModuleBuilder Export Function
Vulnerability
A path traversal vulnerability has been identified in SuiteCRM versions prior to 7.15.1 and 8.9.3. The issue lies in the 'action_exportCustom' function in 'modules/ModuleBuilder/controller.php', which does not sanitize path traversal sequences in the '$modules' and '$name' parameters. These parameters are later used by the 'exportCustom' function in 'modules/ModuleBuilder/MB/MBPackage.php' to build the file paths it reads from and writes to. As a result, a user with access to the ModuleBuilder module, typically an administrator, can craft requests that copy the contents of any directory the application can read on the host into the web root, where they become publicly readable. This includes system directories and the web server's own document root, potentially exposing sensitive information such as secrets and environment variables.
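To show the class of check the fix needs, here is an added PHP illustration (not SuiteCRM's code; the function names, the base directory and the sample inputs are assumptions): the unsafe path construction next to a hardened version that allowlists each request-supplied component and confirms the resolved path still lies inside the intended directory before anything is read or written.

```php
<?php
// Added illustration, not SuiteCRM's code. Function names, the base directory
// and the sample inputs are hypothetical.

// Vulnerable pattern: request parameters are joined straight into a path that is
// later used to read and write files. With $name = '../../../../etc' the result
// leaves $base entirely, so whatever lives there is what gets copied.
function exportPathUnsafe(string $base, string $package, string $name): string
{
    return $base . '/' . $package . '/' . $name;
}

// Hardened pattern: accept only identifier-like components, then confirm the
// resolved path still lies inside $base before any filesystem operation.
function exportPathSafe(string $base, string $package, string $name): ?string
{
    foreach ([$package, $name] as $component) {
        // Exactly one path component: no separators, no dots, not empty.
        if (!preg_match('/^[A-Za-z0-9_]+$/', $component)) {
            return null;
        }
    }
    $realBase = realpath($base);
    if ($realBase === false) {
        return null;
    }
    $candidate = $realBase . DIRECTORY_SEPARATOR . $package . DIRECTORY_SEPARATOR . $name;
    // Defence in depth: resolve the parent (which must already exist) so symlinks
    // and any '..' that slipped past the allowlist collapse before the containment test.
    $realParent = realpath(dirname($candidate));
    $prefix = $realBase . DIRECTORY_SEPARATOR;
    if ($realParent === false || strncmp($realParent . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo: a throwaway base directory holding one legitimate package.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mb_export_demo';
@mkdir($base . DIRECTORY_SEPARATOR . 'MyPackage', 0700, true);
$cases = [
    ['MyPackage', 'MyModule'],         // legitimate request
    ['MyPackage', '../../../../etc'],  // traversal in the $name parameter
    ['../../..', 'MyModule'],          // traversal in the $modules parameter
];
foreach ($cases as [$package, $name]) {
    echo 'unsafe: ', exportPathUnsafe($base, $package, $name), PHP_EOL;
    echo 'safe:   ', exportPathSafe($base, $package, $name) ?? 'REJECTED', PHP_EOL;
}
```

The allowlist alone already stops traversal; the realpath containment test is the second layer that also catches symlinked package directories.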
Impact
Exploiting this vulnerability lets a user with ModuleBuilder access copy readable directories into the web root, where their contents become publicly accessible. This can expose sensitive system files and environment variables.
Remediation
Upgrade to SuiteCRM 7.15.1 or 8.9.3, which address this vulnerability.
